CVE-2023-33778

Published: Jun 1, 2023

Modified: Jan 9, 2025

PUBLISHED

Description

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/Ji4n1ng/6d028709d39458f5ab95b3ea211225ef

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-33778

Description

Affected Products

References