An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.Referenceshttps://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-023.txthttps://www.syss.de/pentest-blog/command-injection-via-cli-des-draytek-vigor167-syss-2023-023
