Vulnerabilities > Draytek > Vigor2960 Firmware > 1.5.1.4

DATE CVE VULNERABILITY TITLE RISK
2023-11-22 CVE-2023-6265 Path Traversal vulnerability in Draytek Vigor2960 Firmware 1.5.1.4/1.5.1.5
** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files.
network
low complexity
draytek CWE-22
8.1
8.1
2023-03-15 CVE-2023-24229 Command Injection vulnerability in Draytek Vigor2960 Firmware 1.5.1.4
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter.
local
low complexity
draytek CWE-77
7.8
7.8
2023-02-24 CVE-2023-1009 Path Traversal vulnerability in Draytek Vigor2960 Firmware 1.5.1.4
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5.
local
low complexity
draytek CWE-22
5.5
5.5