Skip to main content
CVE-2020-8515 CRITICAL POC KEV THREAT Act Now

DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Vigor2960 Firmware Vigor300b Firmware Vigor3900 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2020-8512 MEDIUM POC THREAT This Month

In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Icewarp Server
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
14.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy