← back
CVE-2023-47254

CVE-2023-47254

EPSS 2.2%
An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-023.txthttps://www.syss.de/pentest-blog/command-injection-via-cli-des-draytek-vigor167-syss-2023-023