CVE-2023-47254: OS Command Injection
First published: Sat Dec 09 2023(Updated: )
An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Draytek Vigor167 Firmware | =5.2.2 | |
| DrayTek Vigor Routers |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-47254?
CVE-2023-47254 is considered a critical vulnerability due to its ability to allow remote command execution and privilege escalation.
How do I fix CVE-2023-47254?
To fix CVE-2023-47254, upgrade the DrayTek Vigor167 to a patched firmware version that addresses the OS Command Injection issue.
Who is affected by CVE-2023-47254?
CVE-2023-47254 affects users of the DrayTek Vigor167 running firmware version 5.2.2.
What types of attacks can exploit CVE-2023-47254?
CVE-2023-47254 can be exploited through OS Command Injection attacks from the CLI interface.
What are the potential impacts of exploiting CVE-2023-47254?
Exploiting CVE-2023-47254 can lead to unauthorized remote access, arbitrary command execution, and escalated privileges.
- agent/references
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/draytek
- canonical/draytek vigor167 firmware
- version/draytek vigor167 firmware/5.2.2
- canonical/draytek vigor routers