CVE-2023-31447

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code.

*Credits: N/A

CVSS Scores

NISTv3.1 9.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-04-28 CVE Reserved
2023-08-21 CVE Published
2024-10-07 CVE Updated
2024-10-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')

CAPEC

References (2)

URL	Tag	Source
https://draytek.com	Product
https://gist.github.com/rrrrrrri/013c9eef64b265af4163478bfcf29ff4	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Draytek Search vendor "Draytek"	Vigor2620 Firmware Search vendor "Draytek" for product "Vigor2620 Firmware"	< 3.9.8.4 Search vendor "Draytek" for product "Vigor2620 Firmware" and version " < 3.9.8.4"	-	Affected	in	Draytek Search vendor "Draytek"	Vigor2620 Search vendor "Draytek" for product "Vigor2620"	-	-	Safe
Draytek Search vendor "Draytek"	Vigor2625 Firmware Search vendor "Draytek" for product "Vigor2625 Firmware"	*	-	Affected	in	Draytek Search vendor "Draytek"	Vigor2625 Search vendor "Draytek" for product "Vigor2625"	-	-	Safe