CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-31447

user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.2%

CVSS Severity

CVSS v3 Score 9.8

References

https://draytek.com
https://gist.github.com/rrrrrrri/013c9eef64b265af4163478bfcf29ff4
https://draytek.com
https://gist.github.com/rrrrrrri/013c9eef64b265af4163478bfcf29ff4

Products affected by CVE-2023-31447

Draytek » Vigor2620 » Version: N/A

cpe:2.3:h:draytek:vigor2620:-
Draytek » Vigor2625 » Version: N/A

cpe:2.3:h:draytek:vigor2625:-
Draytek » Vigor2620 Firmware » Version: Any

cpe:2.3:o:draytek:vigor2620_firmware:*
Draytek » Vigor2625 Firmware » Version: Any

cpe:2.3:o:draytek:vigor2625_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-31447

Products

Pricing

Contact Us