CVE-2023-23313

Certain Draytek products are vulnerable to Cross Site Scripting XSS via the wlogin.cgi script and userlogin.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915,...

Cross site scripting

Certain Draytek products are vulnerable to Cross Site Scripting XSS via the wlogin.cgi script and userlogin.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915,...

CVE-2023-23313

CVE-2023-23313 affects DrayTek Vigor routers via XSS in the wlogin.cgi and user_login.cgi web portal scripts. Affected models span multiple series and firmware versions (e.g., Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865/2866 v4.4.1.0; Vigor2927 v4.4.2.2; Vigor2915, Vigor2765/2766/2135 v4...

CVE-2022-32548

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field...

CVE-2022-32548

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field...

CVE-2022-32548

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field...

PT-2022-3971 · Draytek · Draytek Vigor

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor routers versions prior to 4.3.1.1 Description: The issue is related to a buffer overflow in the /cgi-bin/wlogin.cgi script of the DrayTek Vigor router's web management interface. This can be exploited by sending a specially...