CVE-2023-47254
CRITICAL
DrayTek Vigor167 5.2.2 - Authenticated OS Command Injection via CLI Interface
Title source: llm
Description
An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2 allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.
References (2)
Core References
Exploit, Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-023.txt
Scores
CVSS v3
9.8
EPSS
0.0220
EPSS Percentile
80.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
draytek/vigor167_firmware
5.2.2
Published
Dec 09, 2023
Tracked Since
Feb 18, 2026