Vulnerabilities > CVE-2023-31447 - Unspecified vulnerability in Draytek Vigor2620 Firmware and Vigor2625 Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

draytek

critical

NVD

Published: 2023-08-21

Updated: 2023-08-30

Summary

user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
OS	Draytek Draytek Vigor2620 Firmware * Draytek Vigor2625 Firmware *	2
Hardware	Draytek Draytek Vigor2620 - Draytek Vigor2625 -	2

References

https://gist.github.com/rrrrrrri/013c9eef64b265af4163478bfcf29ff4
https://draytek.com