Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-23313

Published: 03/03/2023 Updated: 07/11/2023
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Vigor2860 Firmware

Vulnerability Summary

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

draytek vigor2860_firmware

draytek vigor2860n_firmware

draytek vigor2860n-plus_firmware

draytek vigor2860vn-plus_firmware

draytek vigor2860ac_firmware

draytek vigor2860vac_firmware

draytek vigor2860l_firmware

draytek vigor2860ln_firmware

draytek vigor2832_firmware

draytek vigor2832n_firmware

draytek vigor2766_firmware

draytek vigor2766ax_firmware

draytek vigor2766ac_firmware

draytek vigor2766vac_firmware

draytek vigor2765_firmware

draytek vigor2765ax_firmware

draytek vigor2765ac_firmware

draytek vigor2765va_firmware

draytek vigor2763_firmware

draytek vigor2763ac_firmware

draytek vigor2762_firmware

draytek vigor2762n_firmware

draytek vigor2762ac_firmware

draytek vigor2762vac_firmware

draytek vigor2135_firmware

draytek vigor2135ax_firmware

draytek vigor2135ac_firmware

draytek vigor2135vac_firmware

draytek vigor2135fvac_firmware

draytek vigor2133_firmware

draytek vigor2133n_firmware

draytek vigor2133ac_firmware

draytek vigor2133vac_firmware

draytek vigor2133fvac_firmware

draytek vigor166_firmware

draytek vigor165_firmware

draytek vigor130_firmware

draytek vigornic_132_firmware

draytek virgor3910_firmware

draytek virgor3220_firmware

draytek virgor2962_firmware

draytek virgor2962p_firmware

draytek virgor1000b_firmware

draytek virgor2952_firmware

draytek virgor2952p_firmware

draytek virgor2927_firmware

draytek virgor2927ax_firmware

draytek virgor2927ac_firmware

draytek virgor2927vac_firmware

draytek virgor2927f_firmware

draytek virgor2927l_firmware

draytek virgor2927lac_firmware

draytek virgor2926_firmware

draytek virgor2926n_firmware

draytek virgor2926ac_firmware

draytek virgor2926vac_firmware

draytek virgor2926l_firmware

draytek virgor2926ln_firmware

draytek virgor2926lac_firmware

draytek virgor2925_firmware

draytek virgor2925n_firmware

draytek virgor2925n-plus_firmware

draytek virgor2925vn-plus_firmware

draytek virgor2925ac_firmware

draytek virgor2925vac_firmware

draytek virgor2925fn_firmware

draytek virgor2925l_firmware

draytek virgor2925ln_firmware

draytek virgor2915_firmware

draytek virgor2915ac_firmware

draytek virgor2866_firmware

draytek virgor2866ax_firmware

draytek virgor2866ac_firmware

draytek virgor2866vac_firmware

draytek virgor2866l_firmware

draytek virgor2866lac_firmware

draytek virgor2865_firmware

draytek virgor2865ax_firmware

draytek virgor2865ac_firmware

draytek virgor2865vac_firmware

draytek virgor2865l_firmware

draytek virgor2865lac_firmware

draytek virgor2862_firmware

draytek virgor2862n_firmware

draytek virgor2862ac_firmware

draytek virgor2862vac_firmware

draytek virgor2862b_firmware

draytek virgor2862bn_firmware

draytek virgor2862l_firmware

draytek virgor2862ln_firmware

draytek virgor2862lac_firmware

References

CWE-79https://www.horizonconsulting.com/advisories23-Multiple-XSS-Stored-in-DrayTek-routers-CVE-2023-23313https://www.draytek.com/about/security-advisory/cross-site-scripting-vulnerability-%28cve-2023-23313%29/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook