Mar 03, 2023 - 10:15 p.m.

CVE-2023-23313

2023-03-03 22:15:09
CWE-79
web.nvd.nist.gov
draytek
cross site scripting
xss
vulnerability
wlogin.cgi
user_login.cgi
router
vigor3910
vigor1000b
vigor2962
vigor2865
vigor2866
vigor2927
vigor2915
vigor2765
vigor2766
vigor2135
vigor2763
vigor2862
vigor2926
vigor2925
vigor2952
vigor3220
vigor2133
vigor2762
vigor2832

CVSS3: 6.1 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001 Low
Percentile: 32.5%

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router’s web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.

Affected configurations

NVD
Each node below pairs a firmware version range with the hardware it runs on (vendor, product, then Range or Match value).

Node: draytek vigor2860_firmware Range <3.9.4 AND draytek vigor2860 Match -
Node: draytek vigor2860n_firmware Range <3.9.4 AND draytek vigor2860n Match -
Node: draytek vigor2860n-plus_firmware Range <3.9.4 AND draytek vigor2860n-plus Match -
Node: draytek vigor2860vn-plus_firmware Range <3.9.4 AND draytek vigor2860vn-plus Match -
Node: draytek vigor2860ac_firmware Range <3.9.4 AND draytek vigor2860ac Match -
Node: draytek vigor2860vac_firmware Range <3.9.4 AND draytek vigor2860vac Match -
Node: draytek vigor2860l_firmware Range <3.9.4 AND draytek vigor2860l Match -
Node: draytek vigor2860ln_firmware Range <3.9.4 AND draytek vigor2860ln Match -
Node: draytek vigor2832_firmware Range <3.9.6.3 AND draytek vigor2832 Match -
Node: draytek vigor2832n_firmware Range <3.9.6.3 AND draytek vigor2832n Match -
Node: draytek vigor2766_firmware Range <4.4.2.1 AND draytek vigor2766 Match -
Node: draytek vigor2766ax_firmware Range <4.4.2.1 AND draytek vigor2766ax Match -
Node: draytek vigor2766ac_firmware Range <4.4.2.1 AND draytek vigor2766ac Match -
Node: draytek vigor2766vac_firmware Range <4.4.2.1 AND draytek vigor2766vac Match -
Node: draytek vigor2765_firmware Range <4.4.2.1 AND draytek vigor2765 Match -
Node: draytek vigor2765ax_firmware Range <4.4.2.1 AND draytek vigor2765ax Match -
Node: draytek vigor2765ac_firmware Range <4.4.2.1 AND draytek vigor2765ac Match -
Node: draytek vigor2765va_firmware Range <4.4.2.1 AND draytek vigor2765va Match -
Node: draytek vigor2763_firmware Range <4.4.2.2 AND draytek vigor2763 Match -
Node: draytek vigor2763ac_firmware Range <4.4.2.2 AND draytek vigor2763ac Match -
Node: draytek vigor2762_firmware Range <3.9.6.5 AND draytek vigor2762 Match -
Node: draytek vigor2762n_firmware Range <3.9.6.5 AND draytek vigor2762n Match -
Node: draytek vigor2762ac_firmware Range <3.9.6.5 AND draytek vigor2762ac Match -
Node: draytek vigor2762vac_firmware Range <3.9.6.5 AND draytek vigor2762vac Match -
Node: draytek vigor2135_firmware Range <4.4.2.1 AND draytek vigor2135 Match -
Node: draytek vigor2135ax_firmware Range <4.4.2.1 AND draytek vigor2135ax Match -
Node: draytek vigor2135ac_firmware Range <4.4.2.1 AND draytek vigor2135ac Match -
Node: draytek vigor2135vac_firmware Range <4.4.2.1 AND draytek vigor2135vac Match -
Node: draytek vigor2135fvac_firmware Range <4.4.2.1 AND draytek vigor2135fvac Match -
Node: draytek vigor2133_firmware Range <3.9.6.5 AND draytek vigor2133 Match -
Node: draytek vigor2133n_firmware Range <3.9.6.5 AND draytek vigor2133n Match -
Node: draytek vigor2133ac_firmware Range <3.9.6.5 AND draytek vigor2133ac Match -
Node: draytek vigor2133vac_firmware Range <3.9.6.5 AND draytek vigor2133vac Match -
Node: draytek vigor2133fvac_firmware Range <3.9.6.5 AND draytek vigor2133fvac Match -
Node: draytek vigor166_firmware Range <4.2.4.1 AND draytek vigor166 Match -
Node: draytek vigor165_firmware Range <4.2.4.1 AND draytek vigor165 Match -
Node: draytek vigor130_firmware Range <3.8.5.1 AND draytek vigor130 Match -
Node: draytek vigornic_132_firmware Range <3.8.5.1 AND draytek vigornic_132 Match -
Node: draytek virgor3910_firmware Range <4.3.2.2 AND draytek virgor3910 Match -
Node: draytek virgor3220_firmware Range <3.9.7.4 AND draytek virgor3220 Match -
Node: draytek virgor2962_firmware Range <4.3.2.2 AND draytek virgor2962 Match -
Node: draytek virgor2962p_firmware Range <4.3.2.2 AND draytek virgor2962p Match -
Node: draytek virgor1000b_firmware Range <4.3.2.2 AND draytek virgor1000b Match -
Node: draytek virgor2952_firmware Range <3.9.7.4 AND draytek virgor2952 Match -
Node: draytek virgor2952p_firmware Range <3.9.7.4 AND draytek virgor2952p Match -
Node: draytek virgor2927_firmware Range <4.4.2.3 AND draytek virgor2927 Match -
Node: draytek virgor2927ax_firmware Range <4.4.2.3 AND draytek virgor2927ax Match -
Node: draytek virgor2927ac_firmware Range <4.4.2.3 AND draytek virgor2927ac Match -
Node: draytek virgor2927vac_firmware Range <4.4.2.3 AND draytek virgor2927vac Match -
Node: draytek virgor2927f_firmware Range <4.4.2.3 AND draytek virgor2927f Match -
Node: draytek virgor2927l_firmware Range <4.4.2.3 AND draytek virgor2927l Match -
Node: draytek virgor2927lac_firmware Range <4.4.2.3 AND draytek virgor2927lac Match -
Node: draytek virgor2926_firmware Range <3.9.9.1 AND draytek virgor2926 Match -
Node: draytek virgor2926n_firmware Range <3.9.9.1 AND draytek virgor2926n Match -
Node: draytek virgor2926ac_firmware Range <3.9.9.1 AND draytek virgor2926ac Match -
Node: draytek virgor2926vac_firmware Range <3.9.9.1 AND draytek virgor2926vac Match -
Node: draytek virgor2926l_firmware Range <3.9.9.1 AND draytek virgor2926l Match -
Node: draytek virgor2926ln_firmware Range <3.9.9.1 AND draytek virgor2926ln Match -
Node: draytek virgor2926lac_firmware Range <3.9.9.1 AND draytek virgor2926lac Match -
Node: draytek virgor2925_firmware Range <3.9.4 AND draytek virgor2925 Match -
Node: draytek virgor2925n_firmware Range <3.9.4 AND draytek virgor2925n Match -
Node: draytek virgor2925n-plus_firmware Range <3.9.4 AND draytek virgor2925n-plus Match -
Node: draytek virgor2925vn-plus_firmware Range <3.9.4 AND draytek virgor2925vn-plus Match -
Node: draytek virgor2925ac_firmware Range <3.9.4 AND draytek virgor2925ac Match -
Node: draytek virgor2925vac_firmware Range <3.9.4 AND draytek virgor2925vac Match -
Node: draytek virgor2925fn_firmware Range <3.9.4 AND draytek virgor2925fn Match -
Node: draytek virgor2925l_firmware Range <3.9.4 AND draytek virgor2925l Match -
Node: draytek virgor2925ln_firmware Range <3.9.4 AND draytek virgor2925ln Match -
Node: draytek virgor2915_firmware Range <4.4.2.1 AND draytek virgor2915 Match -
Node: draytek virgor2915ac_firmware Range <4.4.2.1 AND draytek virgor2915ac Match -
Node: draytek virgor2866_firmware Range <4.4.1.1 AND draytek virgor2866 Match -
Node: draytek virgor2866ax_firmware Range <4.4.1.1 AND draytek virgor2866ax Match -
Node: draytek virgor2866ac_firmware Range <4.4.1.1 AND draytek virgor2866ac Match -
Node: draytek virgor2866vac_firmware Range <4.4.1.1 AND draytek virgor2866vac Match -
Node: draytek virgor2866l_firmware Range <4.4.1.1 AND draytek virgor2866l Match -
Node: draytek virgor2866lac_firmware Range <4.4.1.1 AND draytek virgor2866lac Match -
Node: draytek virgor2865_firmware Range <4.4.1.1 AND draytek virgor2865 Match -
Node: draytek virgor2865ax_firmware Range <4.4.1.1 AND draytek virgor2865ax Match -
Node: draytek virgor2865ac_firmware Range <4.4.1.1 AND draytek virgor2865ac Match -
Node: draytek virgor2865vac_firmware Range <4.4.1.1 AND draytek virgor2865vac Match -
Node: draytek virgor2865l_firmware Range <4.4.1.1 AND draytek virgor2865l Match -
Node: draytek virgor2865lac_firmware Range <4.4.1.1 AND draytek virgor2865lac Match -
Node: draytek virgor2862_firmware Range <3.9.9.1 AND draytek virgor2862 Match -
Node: draytek virgor2862n_firmware Range <3.9.9.1 AND draytek virgor2862n Match -
Node: draytek virgor2862ac_firmware Range <3.9.9.1 AND draytek virgor2862ac Match -
Node: draytek virgor2862vac_firmware Range <3.9.9.1 AND draytek virgor2862vac Match -
Node: draytek virgor2862b_firmware Range <3.9.9.1 AND draytek virgor2862b Match -
Node: draytek virgor2862bn_firmware Range <3.9.9.1 AND draytek virgor2862bn Match -
Node: draytek virgor2862l_firmware Range <3.9.9.1 AND draytek virgor2862l Match -
Node: draytek virgor2862ln_firmware Range <3.9.9.1 AND draytek virgor2862ln Match -
Node: draytek virgor2862lac_firmware Range <3.9.9.1 AND draytek virgor2862lac Match -
