Skip to main content

CVE-2020-10826: n/a in n/a

Critical
VulnerabilityCVE-2020-10826cvecve-2020-10826
Published: Thu Mar 26 2020 (03/26/2020, 16:05:03 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.

AI-Powered Analysis

AILast updated: 07/03/2025, 09:55:03 UTC

Technical Analysis

CVE-2020-10826 is a critical remote command injection vulnerability affecting Draytek Vigor3900, Vigor2960, and Vigor300B network devices running firmware versions prior to 1.5.1. The vulnerability exists in the /cgi-bin/activate.cgi endpoint when the device is operating in DEBUG mode. An unauthenticated remote attacker can send specially crafted HTTP requests to this endpoint, exploiting insufficient input validation and command sanitization, to execute arbitrary system commands on the affected device. This type of vulnerability is classified under CWE-77 (Improper Neutralization of Special Elements used in a Command). The CVSS v3.1 base score is 9.8, indicating a critical severity level with network attack vector, no required privileges or user interaction, and full impact on confidentiality, integrity, and availability. Successful exploitation could allow attackers to take full control of the device, manipulate network traffic, disrupt services, or use the compromised device as a foothold for further attacks within the network. No public exploits are currently known in the wild, but the high severity and ease of exploitation make this a significant threat to organizations using these Draytek devices, especially if DEBUG mode is enabled and devices are exposed to untrusted networks.

Potential Impact

For European organizations, the impact of this vulnerability can be severe. Draytek devices are commonly used as enterprise routers, firewalls, and VPN gateways, often deployed at branch offices or remote sites. Exploitation could lead to full compromise of these network perimeter devices, allowing attackers to intercept or manipulate sensitive communications, disrupt business operations, or pivot into internal networks. This could result in data breaches, loss of network availability, and potential regulatory non-compliance under GDPR due to unauthorized access to personal data. Critical infrastructure sectors relying on these devices for secure connectivity may face operational disruptions. The lack of authentication and user interaction requirements increases the risk, especially for devices exposed to the internet or poorly segmented networks. Organizations with remote workforces or distributed networks using these models are particularly vulnerable.

Mitigation Recommendations

1. Immediately verify if any Draytek Vigor3900, Vigor2960, or Vigor300B devices are deployed within the network and identify their firmware versions. 2. Upgrade all affected devices to firmware version 1.5.1 or later, where the vulnerability is patched. 3. Disable DEBUG mode on all devices unless explicitly required for troubleshooting, as this mode exposes the vulnerable endpoint. 4. Restrict access to management interfaces and CGI endpoints by implementing network segmentation and firewall rules to limit access to trusted administrative hosts only. 5. Monitor network traffic for unusual HTTP requests targeting /cgi-bin/activate.cgi and implement intrusion detection/prevention signatures to detect exploitation attempts. 6. Conduct regular vulnerability assessments and penetration tests focusing on network devices to identify similar weaknesses. 7. Maintain an asset inventory and ensure timely patch management processes for all network infrastructure devices. 8. Educate network administrators about the risks of enabling DEBUG mode in production environments.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2020-03-22T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d981dc4522896dcbdb141

Added to database: 5/21/2025, 9:08:45 AM

Last enriched: 7/3/2025, 9:55:03 AM

Last updated: 7/30/2025, 7:42:33 PM

Views: 13

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats