Draytek Vigor Routers Certificate Verification Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in several Draytek Vigor router models, including the Vigor 165/166, Vigor 2620/LTE200, Vigor 2860/2925, Vigor 2862/2926, Vigor 2133/2762/2832, Vigor 2135/2765/2766, Vigor 2865/2866/2927, Vigor 2962/3910, and Vigor 3912. On firmware versions earlier than the respective fixed releases, these devices fail to properly verify certificates. Because the certificate check does not reject an untrusted source, manipulated APPE modules can be uploaded from unofficial servers, potentially leading to arbitrary code execution on the device.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected Draytek devices.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 7.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.