Описание
An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.
Ссылки
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:draytek:vigor167_firmware:5.2.2:*:*:*:*:*:*:*
cpe:2.3:h:draytek:vigor167:-:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02135
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
около 2 лет назад
An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.
EPSS
Процентиль: 84%
0.02135
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-78