CVE-2023-33778

Exploit

EPSS 0.25%
Veröffentlicht 01.06.2023 04:15:10
Zuletzt bearbeitet 09.01.2025 18:15:26
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Draytek ≫ Myvigor Version < 2.3.2

Draytek ≫ Vigorswitch Pq2200xb Firmware Version < 2.6.7

Draytek ≫ Vigorswitch Pq2200xb Version-

Draytek ≫ Vigorswitch Pq2121x Firmware Version < 2.6.7

Draytek ≫ Vigorswitch Pq2121x Version-

Draytek ≫ Vigorswitch P2540xs Firmware Version < 2.6.7

Draytek ≫ Vigorswitch P2540xs Version-

Draytek ≫ Vigorswitch P2280x Firmware Version < 2.6.7

Draytek ≫ Vigorswitch P2280x Version-

Draytek ≫ Vigorswitch P2100 Firmware Version < 2.6.7

Draytek ≫ Vigorswitch P2100 Version-

Draytek ≫ Vigorswitch Q2200x Firmware Version < 2.6.7

Draytek ≫ Vigorswitch Q2200x Version-

Draytek ≫ Vigorswitch Q2121x Firmware Version < 2.6.7

Draytek ≫ Vigorswitch Q2121x Version-

Draytek ≫ Vigorswitch G2540xs Firmware Version < 2.6.7

Draytek ≫ Vigorswitch G2540xs Version-

Draytek ≫ Vigorswitch G2280x Firmware Version < 2.6.7

Draytek ≫ Vigorswitch G2280x Version-

Draytek ≫ Vigorswitch G2121 Firmware Version < 2.6.7

Draytek ≫ Vigorswitch G2121 Version-

Draytek ≫ Vigorswitch G2100 Firmware Version < 2.6.7

Draytek ≫ Vigorswitch G2100 Version-

Draytek ≫ Vigorswitch Fx2120 Firmware Version < 2.6.7

Draytek ≫ Vigorswitch Fx2120 Version-

Draytek ≫ Vigorswitch P1282 Firmware Version < 2.6.7

Draytek ≫ Vigorswitch P1282 Version-

Draytek ≫ Vigorswitch G1282 Firmware Version < 2.6.7

Draytek ≫ Vigorswitch G1282 Version-

Draytek ≫ Vigorswitch G1085 Firmware Version < 2.6.7

Draytek ≫ Vigorswitch G1085 Version-

Draytek ≫ Vigorswitch G1080 Firmware Version < 2.6.7

Draytek ≫ Vigorswitch G1080 Version-

Draytek ≫ Vigorap 903 Firmware Version < 1.4.0

Draytek ≫ Vigorap 903 Version-

Draytek ≫ Vigorap 912c Firmware Version < 1.4.0

Draytek ≫ Vigorap 912c Version-

Draytek ≫ Vigorap 918r Firmware Version < 1.4.0

Draytek ≫ Vigorap 918r Version-

Draytek ≫ Vigorap 1060c Firmware Version < 1.4.0

Draytek ≫ Vigorap 1060c Version-

Draytek ≫ Vigorap 906 Firmware Version < 1.4.0

Draytek ≫ Vigorap 906 Version-

Draytek ≫ Vigorap 960c Firmware Version < 1.4.0

Draytek ≫ Vigorap 960c Version-

Draytek ≫ Vigorap 1000c Firmware Version < 1.4.0

Draytek ≫ Vigorap 1000c Version-

Draytek ≫ Vigor2766ac Firmware Version < 3.9.6

Draytek ≫ Vigor2766ac Version-

Draytek ≫ Vigor2766ac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2766ac Version-

Draytek ≫ Vigor2766ax Firmware Version < 3.9.6

Draytek ≫ Vigor2766ax Version-

Draytek ≫ Vigor2766ax Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2766ax Version-

Draytek ≫ Vigor2766vac Firmware Version < 3.9.6

Draytek ≫ Vigor2766vac Version-

Draytek ≫ Vigor2766vac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2766vac Version-

Draytek ≫ Vigor2765ax Firmware Version < 3.9.6

Draytek ≫ Vigor2765ax Version-

Draytek ≫ Vigor2765ax Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2765ax Version-

Draytek ≫ Vigor2765vac Firmware Version < 3.9.6

Draytek ≫ Vigor2765vac Version-

Draytek ≫ Vigor2765vac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2765vac Version-

Draytek ≫ Vigor2765ac Firmware Version < 3.9.6

Draytek ≫ Vigor2765ac Version-

Draytek ≫ Vigor2765ac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2765ac Version-

Draytek ≫ Vigor2763ac Firmware Version < 3.9.6

Draytek ≫ Vigor2763ac Version-

Draytek ≫ Vigor2763ac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2763ac Version-

Draytek ≫ Vigor2620l Firmware Version < 3.9.6

Draytek ≫ Vigor2620l Version-

Draytek ≫ Vigor2620l Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2620l Version-

Draytek ≫ Vigor2620ln Firmware Version < 3.9.6

Draytek ≫ Vigor2620ln Version-

Draytek ≫ Vigor2620ln Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2620ln Version-

Draytek ≫ Vigorlte 200n Firmware Version < 3.9.6

Draytek ≫ Vigorlte 200n Version-

Draytek ≫ Vigorlte 200n Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigorlte 200n Version-

Draytek ≫ Vigor2915ac Firmware Version < 3.9.6

Draytek ≫ Vigor2915ac Version-

Draytek ≫ Vigor2915ac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2915ac Version-

Draytek ≫ Vigor2135ac Firmware Version < 3.9.6

Draytek ≫ Vigor2135ac Version-

Draytek ≫ Vigor2135ac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2135ac Version-

Draytek ≫ Vigor2135ax Firmware Version < 3.9.6

Draytek ≫ Vigor2135ax Version-

Draytek ≫ Vigor2135ax Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2135ax Version-

Draytek ≫ Vigor2135fvac Firmware Version < 3.9.6

Draytek ≫ Vigor2135fvac Version-

Draytek ≫ Vigor2135fvac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2135fvac Version-

Draytek ≫ Vigor2135vac Firmware Version < 3.9.6

Draytek ≫ Vigor2135vac Version-

Draytek ≫ Vigor2135vac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2135vac Version-

Draytek ≫ Vigor2866ax Firmware Version < 3.9.6

Draytek ≫ Vigor2866ax Version-

Draytek ≫ Vigor2866ax Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2866ax Version-

Draytek ≫ Vigor2866ac Firmware Version < 3.9.6

Draytek ≫ Vigor2866ac Version-

Draytek ≫ Vigor2866ac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2866ac Version-

Draytek ≫ Vigor2866vac Firmware Version < 3.9.6

Draytek ≫ Vigor2866vac Version-

Draytek ≫ Vigor2866vac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2866vac Version-

Draytek ≫ Vigor2866l Firmware Version < 3.9.6

Draytek ≫ Vigor2866l Version-

Draytek ≫ Vigor2866l Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2866l Version-

Draytek ≫ Vigor2866lac Firmware Version < 3.9.6

Draytek ≫ Vigor2866lac Version-

Draytek ≫ Vigor2866lac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2866lac Version-

Draytek ≫ Vigor2865ac Firmware Version < 3.9.6

Draytek ≫ Vigor2865ac Version-

Draytek ≫ Vigor2865ac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2865ac Version-

Draytek ≫ Vigor2865ax Firmware Version < 3.9.6

Draytek ≫ Vigor2865ax Version-

Draytek ≫ Vigor2865ax Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2865ax Version-

Draytek ≫ Vigor2865vac Firmware Version < 3.9.6

Draytek ≫ Vigor2865vac Version-

Draytek ≫ Vigor2865vac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2865vac Version-

Draytek ≫ Vigor2865l Firmware Version < 3.9.6

Draytek ≫ Vigor2865l Version-

Draytek ≫ Vigor2865l Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2865l Version-

Draytek ≫ Vigor2865lac Firmware Version < 3.9.6

Draytek ≫ Vigor2865lac Version-

Draytek ≫ Vigor2865lac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2865lac Version-

Draytek ≫ Vigor2862n Firmware Version < 3.9.6

Draytek ≫ Vigor2862n Version-

Draytek ≫ Vigor2862n Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2862n Version-

Draytek ≫ Vigor2862ac Firmware Version < 3.9.6

Draytek ≫ Vigor2862ac Version-

Draytek ≫ Vigor2862ac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2862ac Version-

Draytek ≫ Vigor2862vac Firmware Version < 3.9.6

Draytek ≫ Vigor2862vac Version-

Draytek ≫ Vigor2862vac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2862vac Version-

Draytek ≫ Vigor2862b Firmware Version < 3.9.6

Draytek ≫ Vigor2862b Version-

Draytek ≫ Vigor2862b Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2862b Version-

Draytek ≫ Vigor2862bn Firmware Version < 3.9.6

Draytek ≫ Vigor2862bn Version-

Draytek ≫ Vigor2862bn Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2862bn Version-

Draytek ≫ Vigor2862l Firmware Version < 3.9.6

Draytek ≫ Vigor2862l Version-

Draytek ≫ Vigor2862l Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2862l Version-

Draytek ≫ Vigor2862lac Firmware Version < 3.9.6

Draytek ≫ Vigor2862lac Version-

Draytek ≫ Vigor2862lac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2862lac Version-

Draytek ≫ Vigor2862ln Firmware Version < 3.9.6

Draytek ≫ Vigor2862ln Version-

Draytek ≫ Vigor2862ln Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2862ln Version-

Draytek ≫ Vigor2832n Firmware Version < 3.9.6

Draytek ≫ Vigor2832n Version-

Draytek ≫ Vigor2832n Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2832n Version-

Draytek ≫ Vigor2927ax Firmware Version < 3.9.6

Draytek ≫ Vigor2927ax Version-

Draytek ≫ Vigor2927ax Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2927ax Version-

Draytek ≫ Vigor2927ac Firmware Version < 3.9.6

Draytek ≫ Vigor2927ac Version-

Draytek ≫ Vigor2927ac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2927ac Version-

Draytek ≫ Vigor2927vac Firmware Version < 3.9.6

Draytek ≫ Vigor2927vac Version-

Draytek ≫ Vigor2927vac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2927vac Version-

Draytek ≫ Vigor2927f Firmware Version < 3.9.6

Draytek ≫ Vigor2927f Version-

Draytek ≫ Vigor2927f Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2927f Version-

Draytek ≫ Vigor2927l Firmware Version < 3.9.6

Draytek ≫ Vigor2927l Version-

Draytek ≫ Vigor2927l Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2927l Version-

Draytek ≫ Vigor2927lac Firmware Version < 3.9.6

Draytek ≫ Vigor2927lac Version-

Draytek ≫ Vigor2927lac Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2927lac Version-

Draytek ≫ Vigor2926 Plus Firmware Version < 3.9.6

Draytek ≫ Vigor2926 Plus Version-

Draytek ≫ Vigor2926 Plus Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2926 Plus Version-

Draytek ≫ Vigor2962 Firmware Version < 3.9.6

Draytek ≫ Vigor2962 Version-

Draytek ≫ Vigor2962 Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor2962 Version-

Draytek ≫ Vigor1000b Firmware Version < 3.9.6

Draytek ≫ Vigor1000b Version-

Draytek ≫ Vigor1000b Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor1000b Version-

Draytek ≫ Vigor3910 Firmware Version < 3.9.6

Draytek ≫ Vigor3910 Version-

Draytek ≫ Vigor3910 Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor3910 Version-

Draytek ≫ Vigor165 Firmware Version < 3.9.6

Draytek ≫ Vigor165 Version-

Draytek ≫ Vigor165 Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor165 Version-

Draytek ≫ Vigor166 Firmware Version < 3.9.6

Draytek ≫ Vigor166 Version-

Draytek ≫ Vigor166 Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor166 Version-

Draytek ≫ Vigor130 Firmware Version < 3.9.6

Draytek ≫ Vigor130 Version-

Draytek ≫ Vigor130 Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor130 Version-

Draytek ≫ Vigor167 Firmware Version < 3.9.6

Draytek ≫ Vigor167 Version-

Draytek ≫ Vigor167 Firmware Version >= 4.0.0 < 4.2.4

Draytek ≫ Vigor167 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.481

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://gist.github.com/Ji4n1ng/6d028709d39458f5ab95b3ea211225ef

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-33778

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-33778

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-33778

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-33778