DrayTek Vigor 2700 ADSL router version 2.8.3 and possibly earlier versions contain a command injection vulnerability via malicious SSID (CWE-77).
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
An attacker within range of the DrayTek Vigor ADSL router can edit the SSID on their malicious access point to corrupt the variables.js file. This may cause the DrayTek router to call external scripts or make unauthorized changes to the settings, which may include poisoning the DNS cache.
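The neutralization that CWE-77 refers to, as an added example: this is not DrayTek firmware code and not a fix that router owners can apply. It assumes the scanned SSID is written into a generated JavaScript file as a string literal; the function names and the `var ssid` line are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Added example; names and the generated line are hypothetical.
 * Encode a raw SSID (0..32 arbitrary bytes) as a double-quoted JavaScript
 * string literal. Only ASCII letters, digits, space, '-', '_' and '.' pass
 * through; every other byte becomes \xHH, so a quote, backslash, newline
 * or '<' cannot end the literal. Returns its length, or -1 on bad input. */
int ssid_to_js_literal(const unsigned char *ssid, size_t len,
                       char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    if (len > 32 || outsz < 3)
        return -1;
    out[o++] = '"';
    for (size_t i = 0; i < len; i++) {
        unsigned char c = ssid[i];
        int safe = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                   (c >= '0' && c <= '9') || (c != 0 && strchr(" -_.", c));
        if (o + (safe ? 1 : 4) + 2 > outsz)  /* room for closing quote, NUL */
            return -1;
        if (safe) {
            out[o++] = (char)c;
        } else {
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        }
    }
    out[o++] = '"';
    out[o] = '\0';
    return (int)o;
}

/* Wrapper for NUL-terminated sample input; returns NULL on error. */
const char *ssid_literal(const char *ssid)
{
    static char buf[32 * 4 + 3];  /* worst case: 32 escaped bytes, quotes, NUL */
    int n = ssid_to_js_literal((const unsigned char *)ssid, strlen(ssid),
                               buf, sizeof buf);
    return n < 0 ? NULL : buf;
}

int main(void)
{
    printf("var ssid = %s;\n", ssid_literal("a\";x=1;//</script>\n"));
}
```

The SSID passed in `main` is constructed sample input. Bytes at or above 0x80 come out as code points 0x80 to 0xff, so a page that wants to display UTF-8 names has to decode them after parsing.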
We are currently unaware of a practical solution to this problem.
Thanks to Juraj Kosik for reporting this vulnerability.
This document was written by Adam Rauf.
Date First Published: 2013-10-22
Date Last Updated: 2013-10-22 13:28 UTC