OS Command Injection in DrayTek Vigor167 CLI Interface

OS Command Injection in DrayTek Vigor167 CLI Interface

CVE-2023-47254 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.

Learn more about our Web App Pen Testing.