2 matches found
CVE-2023-33778
Summary: CVE-2023-33778 relates to Draytek Vigor devices (Routers, Access Points, Switches, Myvigor) that ship with hardcoded encryption keys. This flaw lets an attacker bind an affected device to their own account and subsequently create WCF and DrayDDNS licenses and synchronize them from the we...
CVE-2023-47254
CVE-2023-47254 describes an OS Command Injection in the CLI interface of DrayTek Vigor167 (version 5.2.2) that can allow remote execution of arbitrary system commands and privilege escalation via any account created in the web interface. The PT-2023-30395 entry provides concrete remediation guida...