CVE-2020-14993

A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*

History

07 Nov 2023, 03:17

Type Values Removed Values Added
References
  • {'url': 'https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-(cve-2020-14473)', 'name': 'https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-(cve-2020-14473)', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'CONFIRM'}
  • () https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-%28cve-2020-14473%29 -

Information

Published : 2020-06-23 12:15

Updated : 2024-02-28 17:47


NVD link : CVE-2020-14993

Mitre link : CVE-2020-14993

CVE.ORG link : CVE-2020-14993


JSON object : View

Products Affected

draytek

  • vigor3900_firmware
  • vigor300b
  • vigor300b_firmware
  • vigor3900
  • vigor2960_firmware
  • vigor2960
CWE
CWE-787

Out-of-bounds Write