Unrated severityNVD Advisory· Published Jun 1, 2023· Updated Jan 9, 2025
CVE-2023-33778
CVE-2023-33778
Description
Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5(expand)+ 1 more
- (no CPE)
- (no CPE)range: <3.9.6 / 4.2.4
- Range: <v1.4.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.