CVE-2023-31447 Information

Description

user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment insert shellcode and execute arbitrary code.

Reference

https://gist.github.com/rrrrrrri/013c9eef64b265af4163478bfcf29ff4 https://draytek.com