Cross site scripting

2023-03-0322:15:00

PRIOn knowledge base

www.prio-n.com

draytek

cross site scripting

xss

wlogin.cgi

user_login.cgi

vigor3910

vigor1000b

vigor2962

vigor2865

vigor2866

vigor2927

vigor2915

vigor2765

vigor2766

vigor2135

vigor2763

vigor2862

vigor2926

vigor2925

vigor2952

vigor3220

vigor2133

vigor2762

vigor2832

0.001 Low

EPSS

Percentile

32.3%

JSON

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router’s web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.

CPENameOperatorVersion
vigor130_firmwarelt3.8.5.1
vigor165_firmwarelt4.2.4.1
vigor166_firmwarelt4.2.4.1
vigor2133_firmwarelt3.9.6.5
vigor2133ac_firmwarelt3.9.6.5
vigor2133fvac_firmwarelt3.9.6.5
vigor2133n_firmwarelt3.9.6.5
vigor2133vac_firmwarelt3.9.6.5
vigor2135_firmwarelt4.4.2.1
vigor2135ac_firmwarelt4.4.2.1

Name	Operator	Version
vigor130_firmware	lt	3.8.5.1
vigor165_firmware	lt	4.2.4.1
vigor166_firmware	lt	4.2.4.1
vigor2133_firmware	lt	3.9.6.5
vigor2133ac_firmware	lt	3.9.6.5
vigor2133fvac_firmware	lt	3.9.6.5
vigor2133n_firmware	lt	3.9.6.5
vigor2133vac_firmware	lt	3.9.6.5
vigor2135_firmware	lt	4.4.2.1
vigor2135ac_firmware	lt	4.4.2.1