Headline
CVE-2023-31447: CVE-2023-31447
user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code.
[CVE ID]
CVE-2023-31447
[PRODUCT]
Draytek Vigor Series router
[VERSION]
Vigor2926 < v3.9.9.2
Vigor2925
…
[PROBLEM TYPE]
Denial of service (and/or) command execution
[DESCRIPTION]
There is a security vulnerability in Draytek routers that could allow an unauthenticated attacker to cause denial of service or execute arbitrary code on the target device.