CVE-2018-20872
MEDIUM EXPLOITEDDrayTek Firmware < 2018-05-23 - Cross-Site Request Forgery
Title source: llmExploitation Summary
CVE-2018-20872 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649.
References (1)
Core 1
Core References
Various Sources x_refsource_misc
https://www.draytek.com/about/security-advisory/urgent-security-updates-to-draytek-routers
Scores
CVSS v3
6.5
EPSS
0.0051
EPSS Percentile
39.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
VulnCheck KEV
2018-05-18
CWE
CWE-352
Status
published
Products (1)
i-lan/draytekl_firmware
< 2018-05-23
Published
Jul 31, 2019
Tracked Since
Feb 18, 2026