Page Content
The Multi-State
Information Sharing & Analysis Center (MS-ISAC) has released an
advisory regarding two vulnerable command injection points in DrayTek
devices (CVE-2020-8515). An attacker could exploit these
vulnerabilities to take control of an affected system.
CERT Bulgaria
encourages users and administrators to review MS-ISAC Advisory
2020-043 and the DrayTek Security Advisory for CVE-2020-8515 and
apply the necessary updates and mitigations.
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-draytek-products-could-allow-for-arbitrary-code-execution_2020-043/
https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)