1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Multiple DrayTek Vigor Routers Web Management Page Vulnerability

Known Exploited Vulnerabilities CVE-2020-8515 Mappings

DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2020-8515 Multiple DrayTek Vigor Routers Web Management Page Vulnerability secondary_impact T1496 Resource Hijacking
Comments
CVE-2020-8515 is a command injection vulnerability affecting certain DrayTek devices, This vulnerability allows an attacker to make arbitrary commands on the affected devices without authentication. Successful exploitation has been reported leading to resource hijacking for botnet use.
References
  1. https://unit42.paloaltonetworks.com/new-hoaxcalls-ddos-botnet/
  2. https://thehackernews.com/2020/03/draytek-network-hacking.html
CVE-2020-8515 Multiple DrayTek Vigor Routers Web Management Page Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
CVE-2020-8515 is a command injection vulnerability affecting certain DrayTek devices, This vulnerability allows an attacker to make arbitrary commands on the affected devices without authentication. Successful exploitation has been reported leading to resource hijacking for botnet use.
References
  1. https://unit42.paloaltonetworks.com/new-hoaxcalls-ddos-botnet/
  2. https://thehackernews.com/2020/03/draytek-network-hacking.html
CVE-2020-8515 Multiple DrayTek Vigor Routers Web Management Page Vulnerability exploitation_technique T1133 External Remote Services
Comments
CVE-2020-8515 is a command injection vulnerability affecting certain DrayTek devices, This vulnerability allows an attacker to make arbitrary commands on the affected devices without authentication. Successful exploitation has been reported leading to resource hijacking for botnet use.
References
  1. https://unit42.paloaltonetworks.com/new-hoaxcalls-ddos-botnet/
  2. https://thehackernews.com/2020/03/draytek-network-hacking.html