CVE-2020-8515 – Qualys ThreatPROTECT

Publicly-known Vulnerabilities Exploited by State-sponsored Cyber Threat Actors

Posted by Dhiren Vaghela on October 21, 2020December 1, 2020

In the start of Oct 2020, Cybersecurity and Infrastructure Security Agency (CISA) published an advisory notifying about vulnerabilities that were exploited in the wild to retrieve sensitive data such as intellectual property, economic, political, as well as military information. According to CISA, in the light of heightened tensions between U.S. and China, these vulnerabilities were … Continue reading “Publicly-known Vulnerabilities Exploited by State-sponsored Cyber Threat Actors”

Draytek Command Injection Vulnerability (CVE-2020-8515)

Posted by Dhiren Vaghela on May 6, 2020June 6, 2020

Summary: In the first week of May 2020,certain vulnerabilities have been observed that allows command injection in DrayTek devices. DrayTek manufactures firewalls, VPN devices, routers and wireless LAN devices. Successful exploitation could allow an attacker to manipulate and play on network traffic, escalated privileges or accounts even, operate SSH ans as such. Description: DrayTek Vigor … Continue reading “Draytek Command Injection Vulnerability (CVE-2020-8515)”