PT-2023-9803 · Draytek · Draytek Vigor Routers +3

Ji4N1Ng · Published 2023-06-01 · Updated 2025-01-09 · CVE-2023-33778

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Draytek Vigor Routers versions below 3.9.6/4.2.4
Draytek Vigor Access Points versions below v1.4.0
Draytek Vigor Switches versions below 2.6.7
Draytek Vigor Myvigor versions below 2.3.2

Description

The issue is related to the use of hardcoded encryption keys in the firmware of Draytek Vigor devices. This allows attackers to bind any affected device to their own account, enabling them to create WCF and DrayDDNS licenses and synchronize them from the website. The vulnerability can be exploited remotely and may impact the confidentiality, integrity, and availability of protected information.

Recommendations

For Draytek Vigor Routers versions below 3.9.6/4.2.4, update to version 3.9.6/4.2.4 or later.
For Draytek Vigor Access Points versions below v1.4.0, update to version v1.4.0 or later.
For Draytek Vigor Switches versions below 2.6.7, update to version 2.6.7 or later.
For Draytek Vigor Myvigor versions below 2.3.2, update to version 2.3.2 or later.


Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

BDU:2024-11413
CVE-2023-33778

Affected Products

Draytek Vigor Access Points
Draytek Vigor Myvigor
Draytek Vigor Routers
Draytek Vigor Switches