DrayTek Vigor 2700 ADSL router version 2.8.3 and possibly earlier versions contain a command injection vulnerability via malicious SSID (CWE-77).
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
DrayTek Vigor 2700 ADSL router version 2.8.3 contains a command injection vulnerability. The Vigor router stores discovered SSIDs of surrounding access points into the
sWlessSurvey variable inside
An attacker within range of the DrayTek Vigor ADSL router can edit the SSID on their malicious access point to corrupt the
variables.js file. This may cause the DrayTek router to call external scripts or make unauthorized changes to the settings, which may include poisoning the DNS cache.
This attack requires the victim to manually scan for SSID values from the web administration page. Conversely, the device will automatically scan for any SSIDs in range when it is first powered on.
We are currently unaware of a practical solution to this problem.
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Notified: September 06, 2013 Updated: October 10, 2013
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector
Base | 4.3 | AV:A/AC:H/Au:N/C:P/I:P/A:P
Temporal | 3.7 | E:POC/RL:U/RC:UR
Environmental | 0.9 | CDP:ND/TD:L/CR:ND/IR:ND/AR:ND
Thanks to Juraj Kosik for reporting this vulnerability.
This document was written by Adam Rauf.
CVE IDs: | CVE-2013-5703
Date Public: | 2013-10-22
Date First Published: | 2013-10-22
Date Last Updated: | 2013-10-22 13:28 UTC
Document Revision: | 26