CVE-2023-47254

An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-023.txt	Exploit Third Party Advisory
https://www.syss.de/pentest-blog/command-injection-via-cli-des-draytek-vigor167-syss-2023-023	Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-023.txt	Exploit Third Party Advisory
https://www.syss.de/pentest-blog/command-injection-via-cli-des-draytek-vigor167-syss-2023-023	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:draytek:vigor167_firmware:5.2.2:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigor167:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-12-09 08:15

Updated : 2024-11-21 08:30

NVD link : CVE-2023-47254

Mitre link : CVE-2023-47254

CVE.ORG link : CVE-2023-47254

JSON object : View

Products Affected

draytek

vigor167
vigor167_firmware

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2023-47254", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-12-09T08:15:06.787", "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-023.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.syss.de/pentest-blog/command-injection-via-cli-des-draytek-vigor167-syss-2023-023", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-023.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.syss.de/pentest-blog/command-injection-via-cli-des-draytek-vigor167-syss-2023-023", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface."}, {"lang": "es", "value": "Una inyecci\u00f3n de comando del sistema operativo en la interfaz CLI en DrayTek Vigor167 versi\u00f3n 5.2.2 permite a atacantes remotos ejecutar comandos arbitrarios del sistema y escalar privilegios a trav\u00e9s de cualquier cuenta creada dentro de la interfaz web."}], "lastModified": "2024-11-21T08:30:03.703", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor167_firmware:5.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8ADA814-1612-48FD-BB70-B71D00CE3233"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor167:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "71A66A89-CF31-4C63-9562-707C03117104"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}