How severe is CVE-2023-1009?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2023-1009?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2023-1009 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Related Vulnerabilities

CVE-2010-0481

MEDIUM

CVSS:5.5(Medium)

The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows ...

CWE-222010

CVE-2014-9485

MEDIUM

CVSS:5.5(Medium)

Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry ...

CWE-222014

CVE-2014-9983

MEDIUM

CVSS:5.5(Medium)

Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files vi...

CWE-222014

CVE-2015-6591

MEDIUM

CVSS:5.5(Medium)

Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter.

CWE-222015

CVE-2016-7569

MEDIUM

CVSS:5.5(Medium)

Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image.

CWE-222016

CVE-2016-7842

MEDIUM

CVSS:5.5(Medium)

Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.

CWE-222016