CVE-2023-33778 - OpenCVE

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Draytek	Myvigor Vigor1000b Vigor1000b Firmware Vigor130 Vigor130 Firmware Vigor165 Vigor165 Firmware Vigor166 Vigor166 Firmware Vigor167 Vigor167 Firmware Vigor2135ac Vigor2135ac Firmware Vigor2135ax Vigor2135ax Firmware Vigor2135fvac Vigor2135fvac Firmware Vigor2135vac Vigor2135vac Firmware Vigor2620l Vigor2620l Firmware Vigor2620ln Vigor2620ln Firmware Vigor2763ac Vigor2763ac Firmware Vigor2765ac Vigor2765ac Firmware Vigor2765ax Vigor2765ax Firmware Vigor2765vac Vigor2765vac Firmware Vigor2766ac Vigor2766ac Firmware Vigor2766ax Vigor2766ax Firmware Vigor2766vac Vigor2766vac Firmware Vigor2832n Vigor2832n Firmware Vigor2862ac Vigor2862ac Firmware Vigor2862b Vigor2862b Firmware Vigor2862bn Vigor2862bn Firmware Vigor2862l Vigor2862l Firmware Vigor2862lac Vigor2862lac Firmware Vigor2862ln Vigor2862ln Firmware Vigor2862n Vigor2862n Firmware Vigor2862vac Vigor2862vac Firmware Vigor2865ac Vigor2865ac Firmware Vigor2865ax Vigor2865ax Firmware Vigor2865l Vigor2865l Firmware Vigor2865lac Vigor2865lac Firmware Vigor2865vac Vigor2865vac Firmware Vigor2866ac Vigor2866ac Firmware Vigor2866ax Vigor2866ax Firmware Vigor2866l Vigor2866l Firmware Vigor2866lac Vigor2866lac Firmware Vigor2866vac Vigor2866vac Firmware Vigor2915ac Vigor2915ac Firmware Vigor2926 Plus Vigor2926 Plus Firmware Vigor2927ac Vigor2927ac Firmware Vigor2927ax Vigor2927ax Firmware Vigor2927f Vigor2927f Firmware Vigor2927l Vigor2927l Firmware Vigor2927lac Vigor2927lac Firmware Vigor2927vac Vigor2927vac Firmware Vigor2962 Vigor2962 Firmware Vigor3910 Vigor3910 Firmware Vigorap 1000c Vigorap 1000c Firmware Vigorap 1060c Vigorap 1060c Firmware Vigorap 903 Vigorap 903 Firmware Vigorap 906 Vigorap 906 Firmware Vigorap 912c Vigorap 912c Firmware Vigorap 918r Vigorap 918r Firmware Vigorap 960c Vigorap 960c Firmware Vigorlte 200n Vigorlte 200n Firmware Vigorswitch Fx2120 Vigorswitch Fx2120 Firmware Vigorswitch G1080 Vigorswitch G1080 Firmware Vigorswitch G1085 Vigorswitch G1085 Firmware Vigorswitch G1282 Vigorswitch G1282 Firmware Vigorswitch G2100 Vigorswitch G2100 Firmware Vigorswitch G2121 Vigorswitch G2121 Firmware Vigorswitch G2280x Vigorswitch G2280x Firmware Vigorswitch G2540xs Vigorswitch G2540xs Firmware Vigorswitch P1282 Vigorswitch P1282 Firmware Vigorswitch P2100 Vigorswitch P2100 Firmware Vigorswitch P2280x Vigorswitch P2280x Firmware Vigorswitch P2540xs Vigorswitch P2540xs Firmware Vigorswitch Pq2121x Vigorswitch Pq2121x Firmware Vigorswitch Pq2200xb Vigorswitch Pq2200xb Firmware Vigorswitch Q2121x Vigorswitch Q2121x Firmware Vigorswitch Q2200x Vigorswitch Q2200x Firmware

Configuration 1 [-]

cpe:2.3:a:draytek:myvigor:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:draytek:vigorswitch_pq2200xb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorswitch_pq2200xb:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:draytek:vigorswitch_pq2121x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorswitch_pq2121x:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:draytek:vigorswitch_p2540xs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorswitch_p2540xs:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:draytek:vigorswitch_p2280x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorswitch_p2280x:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:draytek:vigorswitch_p2100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorswitch_p2100:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:draytek:vigorswitch_q2200x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorswitch_q2200x:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:draytek:vigorswitch_q2121x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorswitch_q2121x:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:draytek:vigorswitch_g2540xs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorswitch_g2540xs:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:draytek:vigorswitch_g2280x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorswitch_g2280x:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:draytek:vigorswitch_g2121_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorswitch_g2121:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:draytek:vigorswitch_g2100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorswitch_g2100:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:draytek:vigorswitch_fx2120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorswitch_fx2120:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:draytek:vigorswitch_p1282_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorswitch_p1282:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:draytek:vigorswitch_g1282_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorswitch_g1282:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:draytek:vigorswitch_g1085_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorswitch_g1085:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:draytek:vigorswitch_g1080_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorswitch_g1080:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:draytek:vigorap_903_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorap_903:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:draytek:vigorap_912c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorap_912c:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:draytek:vigorap_918r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorap_918r:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:draytek:vigorap_1060c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorap_1060c:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:draytek:vigorap_906_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorap_906:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:draytek:vigorap_960c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorap_960c:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:draytek:vigorap_1000c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigorap_1000c:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:h:draytek:vigor2766ac:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:draytek:vigor2766ac_firmware::::::::
	cpe:2.3:o:draytek:vigor2766ac_firmware::::::::

Configuration 26 [-]

AND

cpe:2.3:h:draytek:vigor2766ax:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:draytek:vigor2766ax_firmware::::::::
	cpe:2.3:o:draytek:vigor2766ax_firmware::::::::

Configuration 27 [-]

AND

cpe:2.3:h:draytek:vigor2766vac:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:draytek:vigor2766vac_firmware::::::::
	cpe:2.3:o:draytek:vigor2766vac_firmware::::::::

Configuration 28 [-]

AND

cpe:2.3:h:draytek:vigor2765ax:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:draytek:vigor2765ax_firmware::::::::
	cpe:2.3:o:draytek:vigor2765ax_firmware::::::::

Configuration 29 [-]

AND

cpe:2.3:h:draytek:vigor2765vac:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:draytek:vigor2765vac_firmware::::::::
	cpe:2.3:o:draytek:vigor2765vac_firmware::::::::

Configuration 30 [-]

AND

cpe:2.3:h:draytek:vigor2765ac:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:draytek:vigor2765ac_firmware::::::::
	cpe:2.3:o:draytek:vigor2765ac_firmware::::::::

Configuration 31 [-]

AND

cpe:2.3:h:draytek:vigor2763ac:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:draytek:vigor2763ac_firmware::::::::
	cpe:2.3:o:draytek:vigor2763ac_firmware::::::::

Configuration 32 [-]

AND

cpe:2.3:h:draytek:vigor2620l:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:draytek:vigor2620l_firmware::::::::
	cpe:2.3:o:draytek:vigor2620l_firmware::::::::

Configuration 33 [-]

AND

OR	cpe:2.3:o:draytek:vigor2620ln_firmware::::::::
	cpe:2.3:o:draytek:vigor2620ln_firmware::::::::

cpe:2.3:h:draytek:vigor2620ln:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

OR	cpe:2.3:o:draytek:vigorlte_200n_firmware::::::::
	cpe:2.3:o:draytek:vigorlte_200n_firmware::::::::

cpe:2.3:h:draytek:vigorlte_200n:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

OR	cpe:2.3:o:draytek:vigor2915ac_firmware::::::::
	cpe:2.3:o:draytek:vigor2915ac_firmware::::::::

cpe:2.3:h:draytek:vigor2915ac:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

OR	cpe:2.3:o:draytek:vigor2135ac_firmware::::::::
	cpe:2.3:o:draytek:vigor2135ac_firmware::::::::

cpe:2.3:h:draytek:vigor2135ac:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

OR	cpe:2.3:o:draytek:vigor2135ax_firmware::::::::
	cpe:2.3:o:draytek:vigor2135ax_firmware::::::::

cpe:2.3:h:draytek:vigor2135ax:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

OR	cpe:2.3:o:draytek:vigor2135fvac_firmware::::::::
	cpe:2.3:o:draytek:vigor2135fvac_firmware::::::::

cpe:2.3:h:draytek:vigor2135fvac:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

OR	cpe:2.3:o:draytek:vigor2135vac_firmware::::::::
	cpe:2.3:o:draytek:vigor2135vac_firmware::::::::

cpe:2.3:h:draytek:vigor2135vac:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

OR	cpe:2.3:o:draytek:vigor2866ax_firmware::::::::
	cpe:2.3:o:draytek:vigor2866ax_firmware::::::::

cpe:2.3:h:draytek:vigor2866ax:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

OR	cpe:2.3:o:draytek:vigor2866ac_firmware::::::::
	cpe:2.3:o:draytek:vigor2866ac_firmware::::::::

cpe:2.3:h:draytek:vigor2866ac:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

OR	cpe:2.3:o:draytek:vigor2866vac_firmware::::::::
	cpe:2.3:o:draytek:vigor2866vac_firmware::::::::

cpe:2.3:h:draytek:vigor2866vac:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

OR	cpe:2.3:o:draytek:vigor2866l_firmware::::::::
	cpe:2.3:o:draytek:vigor2866l_firmware::::::::

cpe:2.3:h:draytek:vigor2866l:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

OR	cpe:2.3:o:draytek:vigor2866lac_firmware::::::::
	cpe:2.3:o:draytek:vigor2866lac_firmware::::::::

cpe:2.3:h:draytek:vigor2866lac:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

OR	cpe:2.3:o:draytek:vigor2865ac_firmware::::::::
	cpe:2.3:o:draytek:vigor2865ac_firmware::::::::

cpe:2.3:h:draytek:vigor2865ac:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

OR	cpe:2.3:o:draytek:vigor2865ax_firmware::::::::
	cpe:2.3:o:draytek:vigor2865ax_firmware::::::::

cpe:2.3:h:draytek:vigor2865ax:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

OR	cpe:2.3:o:draytek:vigor2865vac_firmware::::::::
	cpe:2.3:o:draytek:vigor2865vac_firmware::::::::

cpe:2.3:h:draytek:vigor2865vac:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND

OR	cpe:2.3:o:draytek:vigor2865l_firmware::::::::
	cpe:2.3:o:draytek:vigor2865l_firmware::::::::

cpe:2.3:h:draytek:vigor2865l:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND

OR	cpe:2.3:o:draytek:vigor2865lac_firmware::::::::
	cpe:2.3:o:draytek:vigor2865lac_firmware::::::::

cpe:2.3:h:draytek:vigor2865lac:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND

OR	cpe:2.3:o:draytek:vigor2862n_firmware::::::::
	cpe:2.3:o:draytek:vigor2862n_firmware::::::::

cpe:2.3:h:draytek:vigor2862n:-:*:*:*:*:*:*:*

Configuration 51 [-]

AND

OR	cpe:2.3:o:draytek:vigor2862ac_firmware::::::::
	cpe:2.3:o:draytek:vigor2862ac_firmware::::::::

cpe:2.3:h:draytek:vigor2862ac:-:*:*:*:*:*:*:*

Configuration 52 [-]

AND

OR	cpe:2.3:o:draytek:vigor2862vac_firmware::::::::
	cpe:2.3:o:draytek:vigor2862vac_firmware::::::::

cpe:2.3:h:draytek:vigor2862vac:-:*:*:*:*:*:*:*

Configuration 53 [-]

AND

OR	cpe:2.3:o:draytek:vigor2862b_firmware::::::::
	cpe:2.3:o:draytek:vigor2862b_firmware::::::::

cpe:2.3:h:draytek:vigor2862b:-:*:*:*:*:*:*:*

Configuration 54 [-]

AND

OR	cpe:2.3:o:draytek:vigor2862bn_firmware::::::::
	cpe:2.3:o:draytek:vigor2862bn_firmware::::::::

cpe:2.3:h:draytek:vigor2862bn:-:*:*:*:*:*:*:*

Configuration 55 [-]

AND

OR	cpe:2.3:o:draytek:vigor2862l_firmware::::::::
	cpe:2.3:o:draytek:vigor2862l_firmware::::::::

cpe:2.3:h:draytek:vigor2862l:-:*:*:*:*:*:*:*

Configuration 56 [-]

AND

OR	cpe:2.3:o:draytek:vigor2862lac_firmware::::::::
	cpe:2.3:o:draytek:vigor2862lac_firmware::::::::

cpe:2.3:h:draytek:vigor2862lac:-:*:*:*:*:*:*:*

Configuration 57 [-]

AND

OR	cpe:2.3:o:draytek:vigor2862ln_firmware::::::::
	cpe:2.3:o:draytek:vigor2862ln_firmware::::::::

cpe:2.3:h:draytek:vigor2862ln:-:*:*:*:*:*:*:*

Configuration 58 [-]

AND

OR	cpe:2.3:o:draytek:vigor2832n_firmware::::::::
	cpe:2.3:o:draytek:vigor2832n_firmware::::::::

cpe:2.3:h:draytek:vigor2832n:-:*:*:*:*:*:*:*

Configuration 59 [-]

AND

OR	cpe:2.3:o:draytek:vigor2927ax_firmware::::::::
	cpe:2.3:o:draytek:vigor2927ax_firmware::::::::

cpe:2.3:h:draytek:vigor2927ax:-:*:*:*:*:*:*:*

Configuration 60 [-]

AND

OR	cpe:2.3:o:draytek:vigor2927ac_firmware::::::::
	cpe:2.3:o:draytek:vigor2927ac_firmware::::::::

cpe:2.3:h:draytek:vigor2927ac:-:*:*:*:*:*:*:*

Configuration 61 [-]

AND

OR	cpe:2.3:o:draytek:vigor2927vac_firmware::::::::
	cpe:2.3:o:draytek:vigor2927vac_firmware::::::::

cpe:2.3:h:draytek:vigor2927vac:-:*:*:*:*:*:*:*

Configuration 62 [-]

AND

OR	cpe:2.3:o:draytek:vigor2927f_firmware::::::::
	cpe:2.3:o:draytek:vigor2927f_firmware::::::::

cpe:2.3:h:draytek:vigor2927f:-:*:*:*:*:*:*:*

Configuration 63 [-]

AND

OR	cpe:2.3:o:draytek:vigor2927l_firmware::::::::
	cpe:2.3:o:draytek:vigor2927l_firmware::::::::

cpe:2.3:h:draytek:vigor2927l:-:*:*:*:*:*:*:*

Configuration 64 [-]

AND

OR	cpe:2.3:o:draytek:vigor2927lac_firmware::::::::
	cpe:2.3:o:draytek:vigor2927lac_firmware::::::::

cpe:2.3:h:draytek:vigor2927lac:-:*:*:*:*:*:*:*

Configuration 65 [-]

AND

OR	cpe:2.3:o:draytek:vigor2926_plus_firmware::::::::
	cpe:2.3:o:draytek:vigor2926_plus_firmware::::::::

cpe:2.3:h:draytek:vigor2926_plus:-:*:*:*:*:*:*:*

Configuration 66 [-]

AND

OR	cpe:2.3:o:draytek:vigor2962_firmware::::::::
	cpe:2.3:o:draytek:vigor2962_firmware::::::::

cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*

Configuration 67 [-]

AND

OR	cpe:2.3:o:draytek:vigor1000b_firmware::::::::
	cpe:2.3:o:draytek:vigor1000b_firmware::::::::

cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*

Configuration 68 [-]

AND

OR	cpe:2.3:o:draytek:vigor3910_firmware::::::::
	cpe:2.3:o:draytek:vigor3910_firmware::::::::

cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*

Configuration 69 [-]

AND

OR	cpe:2.3:o:draytek:vigor165_firmware::::::::
	cpe:2.3:o:draytek:vigor165_firmware::::::::

cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*

Configuration 70 [-]

AND

OR	cpe:2.3:o:draytek:vigor166_firmware::::::::
	cpe:2.3:o:draytek:vigor166_firmware::::::::

cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*

Configuration 71 [-]

AND

OR	cpe:2.3:o:draytek:vigor130_firmware::::::::
	cpe:2.3:o:draytek:vigor130_firmware::::::::

cpe:2.3:h:draytek:vigor130:-:*:*:*:*:*:*:*

Configuration 72 [-]

AND

OR	cpe:2.3:o:draytek:vigor167_firmware::::::::
	cpe:2.3:o:draytek:vigor167_firmware::::::::

cpe:2.3:h:draytek:vigor167:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://gist.github.com/Ji4n1ng/6d028709d39458f5ab95b3ea211225ef

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-06-01T00:00:00

Updated: 2024-08-02T15:47:06.496Z

Reserved: 2023-05-22T00:00:00

Link: CVE-2023-33778

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-06-01T04:15:10.313

Modified: 2023-06-09T18:26:41.557

Link: CVE-2023-33778

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object