CVE-2023-47254

2023-12-0900:00:00

mitre

www.cve.org

os command injection

draytek vigor167

cli interface

remote attackers

arbitrary system commands

privilege escalation

AI Score

Confidence

High

EPSS

0.002

Percentile

55.8%

JSON

An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.

References

www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-023.txt

www.syss.de/pentest-blog/command-injection-via-cli-des-draytek-vigor167-syss-2023-023