CERT mailing list archives

Previous By Date Next
Previous By Thread Next

MS-ISAC Releases Advisory on DrayTek Devices

From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Wed, 01 Apr 2020 19:06:16 +0000
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:



MS-ISAC Releases Advisory on DrayTek Devices [ 
https://www.us-cert.gov/ncas/current-activity/2020/04/01/ms-isac-releases-advisory-draytek-devices ] 04/01/2020 01:24 
PM EDT 
Original release date: April 1, 2020

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory regarding two vulnerable 
command injection points in DrayTek devices (CVE-2020-8515). An attacker could exploit these vulnerabilities to take 
control of an affected system. These vulnerabilities were detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC 
Advisory 2020-043 [ 
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-draytek-products-could-allow-for-arbitrary-code-execution_2020-043/
 ] and the DrayTek Security Advisory for CVE-2020-8515  [ 
https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)
 ]and apply the necessary updates and mitigations.

This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ https://www.dhs.gov/privacy-policy ] policy.

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: 
#333333; } ________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Previous By Date Next
Previous By Thread Next

Current thread: