CVE-2023-47254
N/A
N/A
Summary
An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-023.txt
- https://www.syss.de/pentest-blog/command-injection-via-cli-des-draytek-vigor167-syss-2023-023
References
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-023.txt
- https://www.syss.de/pentest-blog/command-injection-via-cli-des-draytek-vigor167-syss-2023-023
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.