Search criteria
3 vulnerabilities found for myvigor by draytek
VAR-202306-0072
Vulnerability from variot - Updated: 2025-01-10 23:14Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202306-0072",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vigor2832n",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2962",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2763ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor167",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigorswitch pq2200xb",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "2.6.7"
},
{
"model": "vigor2862b",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2620ln",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2766ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2927vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2927ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2862vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2866ax",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor165",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor3910",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2927ax",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigorap 1060c",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "1.4.0"
},
{
"model": "vigor166",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2862ln",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigorswitch g1085",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "2.6.7"
},
{
"model": "vigor2766vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigorswitch fx2120",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "2.6.7"
},
{
"model": "vigorswitch p1282",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "2.6.7"
},
{
"model": "vigor2862ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2620l",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigorap 960c",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "1.4.0"
},
{
"model": "vigor2766ac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigorap 903",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "1.4.0"
},
{
"model": "vigor2832n",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor167",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2865vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigorswitch q2200x",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "2.6.7"
},
{
"model": "vigor2765ax",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2135ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2862l",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor130",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2766ax",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2926 plus",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2862ac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2135vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigorap 918r",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "1.4.0"
},
{
"model": "vigor2866ax",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2865ax",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor3910",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor1000b",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2135ax",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2927l",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2866lac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2862n",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigorswitch g2540xs",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "2.6.7"
},
{
"model": "vigor2866ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2765ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2915ac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2862l",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2766ax",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2927f",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2927lac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2865lac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor166",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigorswitch g1282",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "2.6.7"
},
{
"model": "vigor2862lac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2865l",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2962",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigorlte 200n",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2862b",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2862bn",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2862n",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2765vac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2763ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2620ln",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2866l",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2865ac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2915ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigorswitch g2100",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "2.6.7"
},
{
"model": "vigor2620ln",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigorswitch p2280x",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "2.6.7"
},
{
"model": "vigor2926 plus",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2927vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2962",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2620l",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2862b",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2927ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "myvigor",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "2.3.2"
},
{
"model": "vigor2862vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2862lac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2865l",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2135fvac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigorswitch p2540xs",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "2.6.7"
},
{
"model": "vigor2766vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2866vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2862bn",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2927ax",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2765vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigorswitch p2100",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "2.6.7"
},
{
"model": "vigor2866lac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2862ln",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2135vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2832n",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor167",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2865ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor1000b",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigorap 1000c",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "1.4.0"
},
{
"model": "vigor2135ax",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2927l",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2865lac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigorswitch g2280x",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "2.6.7"
},
{
"model": "vigorap 912c",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "1.4.0"
},
{
"model": "vigor165",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigorlte 200n",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2765ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2866ax",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2866ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2765ax",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2135ac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor130",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor3910",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2135vac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigorswitch g2121",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "2.6.7"
},
{
"model": "vigor2865ax",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2927ax",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigorswitch pq2121x",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "2.6.7"
},
{
"model": "vigor2135ax",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2927l",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor166",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2766ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2862ln",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2927f",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2866ac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2765ac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2866l",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2927lac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2865vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2862ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2765ax",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2135ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor130",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2926 plus",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigorap 906",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "1.4.0"
},
{
"model": "vigor2915ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2135fvac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2865ax",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2620l",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2866vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2763ac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2866l",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2862l",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2766ax",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2866lac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2927vac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2862lac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2865l",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2927f",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2865vac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2927ac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2862vac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2927lac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigorswitch g1080",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "2.6.7"
},
{
"model": "vigor2862bn",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2865lac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigor2862n",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2135fvac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2765vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
},
{
"model": "vigor2766vac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2866vac",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor165",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigorlte 200n",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6"
},
{
"model": "vigorswitch q2121x",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "2.6.7"
},
{
"model": "vigor1000b",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.0.0"
},
{
"model": "vigor2865ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-33778"
}
]
},
"cve": "CVE-2023-33778",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-33778",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-33778",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-33778",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202306-003",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-003"
},
{
"db": "NVD",
"id": "CVE-2023-33778"
},
{
"db": "NVD",
"id": "CVE-2023-33778"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-33778"
},
{
"db": "VULMON",
"id": "CVE-2023-33778"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-33778",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202306-003",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-33778",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-33778"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-003"
},
{
"db": "NVD",
"id": "CVE-2023-33778"
}
]
},
"id": "VAR-202306-0072",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2025-01-10T23:14:18.414000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-33778"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://gist.github.com/ji4n1ng/6d028709d39458f5ab95b3ea211225ef"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-33778/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-33778"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-003"
},
{
"db": "NVD",
"id": "CVE-2023-33778"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-33778"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-003"
},
{
"db": "NVD",
"id": "CVE-2023-33778"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-01T00:00:00",
"db": "VULMON",
"id": "CVE-2023-33778"
},
{
"date": "2023-06-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-003"
},
{
"date": "2023-06-01T04:15:10.313000",
"db": "NVD",
"id": "CVE-2023-33778"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-01T00:00:00",
"db": "VULMON",
"id": "CVE-2023-33778"
},
{
"date": "2023-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-003"
},
{
"date": "2025-01-09T18:15:26.790000",
"db": "NVD",
"id": "CVE-2023-33778"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-003"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Draytek Vigor Routers Trust Management Issue Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-003"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-003"
}
],
"trust": 0.6
}
}
CVE-2023-33778 (GCVE-0-2023-33778)
Vulnerability from nvd – Published: 2023-06-01 00:00 – Updated: 2025-01-09 17:24
VLAI?
Summary
Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:47:06.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/Ji4n1ng/6d028709d39458f5ab95b3ea211225ef"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-33778",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T17:24:27.672008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T17:24:35.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-01T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gist.github.com/Ji4n1ng/6d028709d39458f5ab95b3ea211225ef"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33778",
"datePublished": "2023-06-01T00:00:00",
"dateReserved": "2023-05-22T00:00:00",
"dateUpdated": "2025-01-09T17:24:35.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33778 (GCVE-0-2023-33778)
Vulnerability from cvelistv5 – Published: 2023-06-01 00:00 – Updated: 2025-01-09 17:24
VLAI?
Summary
Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:47:06.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/Ji4n1ng/6d028709d39458f5ab95b3ea211225ef"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-33778",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T17:24:27.672008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T17:24:35.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-01T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gist.github.com/Ji4n1ng/6d028709d39458f5ab95b3ea211225ef"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33778",
"datePublished": "2023-06-01T00:00:00",
"dateReserved": "2023-05-22T00:00:00",
"dateUpdated": "2025-01-09T17:24:35.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}