DrayTek VigorACS 2 Unsafe Flex AMF Java Object Deserialization

DrayTek Vigor ACS server, a remote enterprise management system for DrayTek routers, uses a vulnerable version of the Adobe / Apache Flex Java library that has a deserialisation vulnerability. This can be exploited by an unauthenticated attacker to achieve remote code execution as root / SYSTEM on all versions until 2.2.2. Exploit code included.

MD5 | 4c7d83cfec04d1724b9d118fb3cd42e1

Related Posts