EIP-2026-102480

PRE-CVE

DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102480. PoCs published by Digital Misfits.

AI-analyzed exploit summary The document describes multiple vulnerabilities in DrayTek VigorACS SI (<= 1.3.0), including default credentials, unauthenticated file read/write, path traversal, arbitrary file upload, and local unzip functionality, all of which can be chained to achieve remote code execution (RCE) as root.

Description

DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP
by Digital Misfits · textwebappsjsp
https://www.exploit-db.com/exploits/34928

The document describes multiple vulnerabilities in DrayTek VigorACS SI (<= 1.3.0), including default credentials, unauthenticated file read/write, path traversal, arbitrary file upload, and local unzip functionality, all of which can be chained to achieve remote code execution (RCE) as root.

Classification
Writeup 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: DrayTek VigorACS SI <= 1.3.0
No auth needed
Prerequisites: Network access to the target system · Knowledge of default credentials (acs/password)
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026