Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website.
Affected:< 2.3.2Fixed in:2.3.2CVE-2023-33778derived from NVD
vigor1000b firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor130 firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor165 firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor166 firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor167 firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2135ac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2135ax firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2135fvac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2135vac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2620l firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2620ln firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2763ac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2765ac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2765ax firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2765vac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2766ac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2766ax firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2766vac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2832n firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2862ac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2862b firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2862bn firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2862l firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2862lac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2862ln firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2862n firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2862vac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2865ac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2865ax firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2865l firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2865lac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2865vac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2866ac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2866ax firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2866l firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2866lac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2866vac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2915ac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2926 plus firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2927ac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2927ax firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2927f firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2927l firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2927lac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2927vac firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor2962 firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigor3910 firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigorap 1000c firmwareNVD
Affected:< 1.4.0Fixed in:1.4.0CVE-2023-33778derived from NVD
vigorap 1060c firmwareNVD
Affected:< 1.4.0Fixed in:1.4.0CVE-2023-33778derived from NVD
vigorap 903 firmwareNVD
Affected:< 1.4.0Fixed in:1.4.0CVE-2023-33778derived from NVD
vigorap 906 firmwareNVD
Affected:< 1.4.0Fixed in:1.4.0CVE-2023-33778derived from NVD
vigorap 912c firmwareNVD
Affected:< 1.4.0Fixed in:1.4.0CVE-2023-33778derived from NVD
vigorap 918r firmwareNVD
Affected:< 1.4.0Fixed in:1.4.0CVE-2023-33778derived from NVD
vigorap 960c firmwareNVD
Affected:< 1.4.0Fixed in:1.4.0CVE-2023-33778derived from NVD
vigorlte 200n firmwareNVD
Affected:>= 4.0.0, < 4.2.4Fixed in:4.2.4CVE-2023-33778derived from NVD
vigorswitch fx2120 firmwareNVD
Affected:< 2.6.7Fixed in:2.6.7CVE-2023-33778derived from NVD
vigorswitch g1080 firmwareNVD
Affected:< 2.6.7Fixed in:2.6.7CVE-2023-33778derived from NVD
vigorswitch g1085 firmwareNVD
Affected:< 2.6.7Fixed in:2.6.7CVE-2023-33778derived from NVD
vigorswitch g1282 firmwareNVD
Affected:< 2.6.7Fixed in:2.6.7CVE-2023-33778derived from NVD
vigorswitch g2100 firmwareNVD
Affected:< 2.6.7Fixed in:2.6.7CVE-2023-33778derived from NVD
vigorswitch g2121 firmwareNVD
Affected:< 2.6.7Fixed in:2.6.7CVE-2023-33778derived from NVD
vigorswitch g2280x firmwareNVD
Affected:< 2.6.7Fixed in:2.6.7CVE-2023-33778derived from NVD
vigorswitch g2540xs firmwareNVD
Affected:< 2.6.7Fixed in:2.6.7CVE-2023-33778derived from NVD
vigorswitch p1282 firmwareNVD
Affected:< 2.6.7Fixed in:2.6.7CVE-2023-33778derived from NVD
vigorswitch p2100 firmwareNVD
Affected:< 2.6.7Fixed in:2.6.7CVE-2023-33778derived from NVD
vigorswitch p2280x firmwareNVD
Affected:< 2.6.7Fixed in:2.6.7CVE-2023-33778derived from NVD
vigorswitch p2540xs firmwareNVD
Affected:< 2.6.7Fixed in:2.6.7CVE-2023-33778derived from NVD
vigorswitch pq2121x firmwareNVD
Affected:< 2.6.7Fixed in:2.6.7CVE-2023-33778derived from NVD
vigorswitch pq2200xb firmwareNVD
Affected:< 2.6.7Fixed in:2.6.7CVE-2023-33778derived from NVD
vigorswitch q2121x firmwareNVD
Affected:< 2.6.7Fixed in:2.6.7CVE-2023-33778derived from NVD
vigorswitch q2200x firmwareNVD
Affected:< 2.6.7Fixed in:2.6.7CVE-2023-33778derived from NVD
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
CVSS v3 Vector
Exploitability
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit Intelligence
0.60%probability of exploitation in 30 days
44thpercentile
Moderate risk: more likely to be exploited than 44% of all known CVEs.
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-01-09.