CERT mailing list archives
MS-ISAC Releases Advisory on DrayTek Devices
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Wed, 01 Apr 2020 19:06:16 +0000
Cybersecurity and Infrastructure Security Agency Logo National Cyber Awareness System: MS-ISAC Releases Advisory on DrayTek Devices [ https://www.us-cert.gov/ncas/current-activity/2020/04/01/ms-isac-releases-advisory-draytek-devices ] 04/01/2020 01:24 PM EDT Original release date: April 1, 2020 The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory regarding two vulnerable command injection points in DrayTek devices (CVE-2020-8515). An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities were detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC Advisory 2020-043 [ https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-draytek-products-could-allow-for-arbitrary-code-execution_2020-043/ ] and the DrayTek Security Advisory for CVE-2020-8515 [ https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515) ]and apply the necessary updates and mitigations. This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ https://www.dhs.gov/privacy-policy ] policy. body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: #333333; } ________________________________________________________________________ A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () ncas us-cert gov to your address book. OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- MS-ISAC Releases Advisory on DrayTek Devices US-CERT (Apr 01)