Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-33778

Published: 01/06/2023 Updated: 09/06/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Draytek

Vulnerability Summary

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows malicious users to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website.

Vulnerable Product Search on Vulmon Subscribe to Product

draytek myvigor

draytek vigorswitch_pq2200xb_firmware

draytek vigorswitch_pq2121x_firmware

draytek vigorswitch_p2540xs_firmware

draytek vigorswitch_p2280x_firmware

draytek vigorswitch_p2100_firmware

draytek vigorswitch_q2200x_firmware

draytek vigorswitch_q2121x_firmware

draytek vigorswitch_g2540xs_firmware

draytek vigorswitch_g2280x_firmware

draytek vigorswitch_g2121_firmware

draytek vigorswitch_g2100_firmware

draytek vigorswitch_fx2120_firmware

draytek vigorswitch_p1282_firmware

draytek vigorswitch_g1282_firmware

draytek vigorswitch_g1085_firmware

draytek vigorswitch_g1080_firmware

draytek vigorap_903_firmware

draytek vigorap_912c_firmware

draytek vigorap_918r_firmware

draytek vigorap_1060c_firmware

draytek vigorap_906_firmware

draytek vigorap_960c_firmware

draytek vigorap_1000c_firmware

draytek vigor2766ac_firmware

draytek vigor2766ax_firmware

draytek vigor2766vac_firmware

draytek vigor2765ax_firmware

draytek vigor2765vac_firmware

draytek vigor2765ac_firmware

draytek vigor2763ac_firmware

draytek vigor2620l_firmware

draytek vigor2620ln_firmware

draytek vigorlte_200n_firmware

draytek vigor2915ac_firmware

draytek vigor2135ac_firmware

draytek vigor2135ax_firmware

draytek vigor2135fvac_firmware

draytek vigor2135vac_firmware

draytek vigor2866ax_firmware

draytek vigor2866ac_firmware

draytek vigor2866vac_firmware

draytek vigor2866l_firmware

draytek vigor2866lac_firmware

draytek vigor2865ac_firmware

draytek vigor2865ax_firmware

draytek vigor2865vac_firmware

draytek vigor2865l_firmware

draytek vigor2865lac_firmware

draytek vigor2862n_firmware

draytek vigor2862ac_firmware

draytek vigor2862vac_firmware

draytek vigor2862b_firmware

draytek vigor2862bn_firmware

draytek vigor2862l_firmware

draytek vigor2862lac_firmware

draytek vigor2862ln_firmware

draytek vigor2832n_firmware

draytek vigor2927ax_firmware

draytek vigor2927ac_firmware

draytek vigor2927vac_firmware

draytek vigor2927f_firmware

draytek vigor2927l_firmware

draytek vigor2927lac_firmware

draytek vigor2926_plus_firmware

draytek vigor2962_firmware

draytek vigor1000b_firmware

draytek vigor3910_firmware

draytek vigor165_firmware

draytek vigor166_firmware

draytek vigor130_firmware

draytek vigor167_firmware

References

CWE-798https://gist.github.com/Ji4n1ng/6d028709d39458f5ab95b3ea211225efhttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook