CVE-2023-23313

EPSS 1.78%
Veröffentlicht 03.03.2023 22:15:09
Zuletzt bearbeitet 07.10.2025 19:00:07
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Draytek ≫ Vigor2860 Firmware Version < 3.9.4

Draytek ≫ Vigor2860 Version-

Draytek ≫ Vigor2860n Firmware Version < 3.9.4

Draytek ≫ Vigor2860n Version-

Draytek ≫ Vigor2860n-plus Firmware Version < 3.9.4

Draytek ≫ Vigor2860n-plus Version-

Draytek ≫ Vigor2860vn-plus Firmware Version < 3.9.4

Draytek ≫ Vigor2860vn-plus Version-

Draytek ≫ Vigor2860ac Firmware Version < 3.9.4

Draytek ≫ Vigor2860ac Version-

Draytek ≫ Vigor2860vac Firmware Version < 3.9.4

Draytek ≫ Vigor2860vac Version-

Draytek ≫ Vigor2860l Firmware Version < 3.9.4

Draytek ≫ Vigor2860l Version-

Draytek ≫ Vigor2860ln Firmware Version < 3.9.4

Draytek ≫ Vigor2860ln Version-

Draytek ≫ Vigor2832 Firmware Version < 3.9.6.3

Draytek ≫ Vigor2832 Version-

Draytek ≫ Vigor2832n Firmware Version < 3.9.6.3

Draytek ≫ Vigor2832n Version-

Draytek ≫ Vigor2766 Firmware Version < 4.4.2.1

Draytek ≫ Vigor2766 Version-

Draytek ≫ Vigor2766ax Firmware Version < 4.4.2.1

Draytek ≫ Vigor2766ax Version-

Draytek ≫ Vigor2766ac Firmware Version < 4.4.2.1

Draytek ≫ Vigor2766ac Version-

Draytek ≫ Vigor2766vac Firmware Version < 4.4.2.1

Draytek ≫ Vigor2766vac Version-

Draytek ≫ Vigor2765 Firmware Version < 4.4.2.1

Draytek ≫ Vigor2765 Version-

Draytek ≫ Vigor2765ax Firmware Version < 4.4.2.1

Draytek ≫ Vigor2765ax Version-

Draytek ≫ Vigor2765ac Firmware Version < 4.4.2.1

Draytek ≫ Vigor2765ac Version-

Draytek ≫ Vigor2765va Firmware Version < 4.4.2.1

Draytek ≫ Vigor2765va Version-

Draytek ≫ Vigor2763 Firmware Version < 4.4.2.2

Draytek ≫ Vigor2763 Version-

Draytek ≫ Vigor2763ac Firmware Version < 4.4.2.2

Draytek ≫ Vigor2763ac Version-

Draytek ≫ Vigor2762 Firmware Version < 3.9.6.5

Draytek ≫ Vigor2762 Version-

Draytek ≫ Vigor2762n Firmware Version < 3.9.6.5

Draytek ≫ Vigor2762n Version-

Draytek ≫ Vigor2762ac Firmware Version < 3.9.6.5

Draytek ≫ Vigor2762ac Version-

Draytek ≫ Vigor2762vac Firmware Version < 3.9.6.5

Draytek ≫ Vigor2762vac Version-

Draytek ≫ Vigor2135 Firmware Version < 4.4.2.1

Draytek ≫ Vigor2135 Version-

Draytek ≫ Vigor2135ax Firmware Version < 4.4.2.1

Draytek ≫ Vigor2135ax Version-

Draytek ≫ Vigor2135ac Firmware Version < 4.4.2.1

Draytek ≫ Vigor2135ac Version-

Draytek ≫ Vigor2135vac Firmware Version < 4.4.2.1

Draytek ≫ Vigor2135vac Version-

Draytek ≫ Vigor2135fvac Firmware Version < 4.4.2.1

Draytek ≫ Vigor2135fvac Version-

Draytek ≫ Vigor2133 Firmware Version < 3.9.6.5

Draytek ≫ Vigor2133 Version-

Draytek ≫ Vigor2133n Firmware Version < 3.9.6.5

Draytek ≫ Vigor2133n Version-

Draytek ≫ Vigor2133ac Firmware Version < 3.9.6.5

Draytek ≫ Vigor2133ac Version-

Draytek ≫ Vigor2133vac Firmware Version < 3.9.6.5

Draytek ≫ Vigor2133vac Version-

Draytek ≫ Vigor2133fvac Firmware Version < 3.9.6.5

Draytek ≫ Vigor2133fvac Version-

Draytek ≫ Vigor166 Firmware Version < 4.2.4.1

Draytek ≫ Vigor166 Version-

Draytek ≫ Vigor165 Firmware Version < 4.2.4.1

Draytek ≫ Vigor165 Version-

Draytek ≫ Vigor130 Firmware Version < 3.8.5.1

Draytek ≫ Vigor130 Version-

Draytek ≫ Vigornic 132 Firmware Version < 3.8.5.1

Draytek ≫ Vigornic 132 Version-

Draytek ≫ Vigor3910 Firmware Version < 4.3.2.2

Draytek ≫ Vigor3910 Version-

Draytek ≫ Vigor3220 Firmware Version < 3.9.7.4

Draytek ≫ Vigor3220 Version-

Draytek ≫ Vigor2962 Firmware Version < 4.3.2.2

Draytek ≫ Vigor2962 Version-

Draytek ≫ Vigor2962p Firmware Version < 4.3.2.2

Draytek ≫ Vigor2962p Version-

Draytek ≫ Vigor1000b Firmware Version < 4.3.2.2

Draytek ≫ Vigor1000b Version-

Draytek ≫ Vigor2952 Firmware Version < 3.9.7.4

Draytek ≫ Vigor2952 Version-

Draytek ≫ Vigor2952p Firmware Version < 3.9.7.4

Draytek ≫ Vigor2952p Version-

Draytek ≫ Vigor2927 Firmware Version < 4.4.2.3

Draytek ≫ Vigor2927 Version-

Draytek ≫ Vigor2927ax Firmware Version < 4.4.2.3

Draytek ≫ Vigor2927ax Version-

Draytek ≫ Vigor2927ac Firmware Version < 4.4.2.3

Draytek ≫ Vigor2927ac Version-

Draytek ≫ Vigor2927vac Firmware Version < 4.4.2.3

Draytek ≫ Vigor2927vac Version-

Draytek ≫ Vigor2927f Firmware Version < 4.4.2.3

Draytek ≫ Vigor2927f Version-

Draytek ≫ Vigor2927l Firmware Version < 4.4.2.3

Draytek ≫ Vigor2927l Version-

Draytek ≫ Vigor2927lac Firmware Version < 4.4.2.3

Draytek ≫ Vigor2927lac Version-

Draytek ≫ Vigor2926 Firmware Version < 3.9.9.1

Draytek ≫ Vigor2926 Version-

Draytek ≫ Vigor2926n Firmware Version < 3.9.9.1

Draytek ≫ Vigor2926n Version-

Draytek ≫ Vigor2926ac Firmware Version < 3.9.9.1

Draytek ≫ Vigor2926ac Version-

Draytek ≫ Vigor2926vac Firmware Version < 3.9.9.1

Draytek ≫ Vigor2926vac Version-

Draytek ≫ Vigor2926l Firmware Version < 3.9.9.1

Draytek ≫ Vigor2926l Version-

Draytek ≫ Vigor2926ln Firmware Version < 3.9.9.1

Draytek ≫ Vigor2926ln Version-

Draytek ≫ Vigor2926lac Firmware Version < 3.9.9.1

Draytek ≫ Vigor2926lac Version-

Draytek ≫ Vigor2925 Firmware Version < 3.9.4

Draytek ≫ Vigor2925 Version-

Draytek ≫ Vigor2925n Firmware Version < 3.9.4

Draytek ≫ Vigor2925n Version-

Draytek ≫ Vigor2925n-plus Firmware Version < 3.9.4

Draytek ≫ Vigor2925n-plus Version-

Draytek ≫ Vigor2925vn-plus Firmware Version < 3.9.4

Draytek ≫ Vigor2925vn-plus Version-

Draytek ≫ Vigor2925ac Firmware Version < 3.9.4

Draytek ≫ Vigor2925ac Version-

Draytek ≫ Vigor2925vac Firmware Version < 3.9.4

Draytek ≫ Vigor2925vac Version-

Draytek ≫ Vigor2925fn Firmware Version < 3.9.4

Draytek ≫ Vigor2925fn Version-

Draytek ≫ Vigor2925l Firmware Version < 3.9.4

Draytek ≫ Vigor2925l Version-

Draytek ≫ Vigor2925ln Firmware Version < 3.9.4

Draytek ≫ Vigor2925ln Version-

Draytek ≫ Vigor2915 Firmware Version < 4.4.2.1

Draytek ≫ Vigor2915 Version-

Draytek ≫ Vigor2915ac Firmware Version < 4.4.2.1

Draytek ≫ Vigor2915ac Version-

Draytek ≫ Vigor2866 Firmware Version < 4.4.1.1

Draytek ≫ Vigor2866 Version-

Draytek ≫ Vigor2866ax Firmware Version < 4.4.1.1

Draytek ≫ Vigor2866ax Version-

Draytek ≫ Vigor2866ac Firmware Version < 4.4.1.1

Draytek ≫ Vigor2866ac Version-

Draytek ≫ Vigor2866vac Firmware Version < 4.4.1.1

Draytek ≫ Vigor2866vac Version-

Draytek ≫ Vigor2866l Firmware Version < 4.4.1.1

Draytek ≫ Vigor2866l Version-

Draytek ≫ Vigor2866lac Firmware Version < 4.4.1.1

Draytek ≫ Vigor2866lac Version-

Draytek ≫ Vigor2865 Firmware Version < 4.4.1.1

Draytek ≫ Vigor2865 Version-

Draytek ≫ Vigor2865ax Firmware Version < 4.4.1.1

Draytek ≫ Vigor2865ax Version-

Draytek ≫ Vigor2865ac Firmware Version < 4.4.1.1

Draytek ≫ Vigor2865ac Version-

Draytek ≫ Vigor2865vac Firmware Version < 4.4.1.1

Draytek ≫ Vigor2865vac Version-

Draytek ≫ Vigor2865l Firmware Version < 4.4.1.1

Draytek ≫ Vigor2865l Version-

Draytek ≫ Vigor2865lac Firmware Version < 4.4.1.1

Draytek ≫ Vigor2865lac Version-

Draytek ≫ Vigor2862 Firmware Version < 3.9.9.1

Draytek ≫ Vigor2862 Version-

Draytek ≫ Vigor2862n Firmware Version < 3.9.9.1

Draytek ≫ Vigor2862n Version-

Draytek ≫ Vigor2862ac Firmware Version < 3.9.9.1

Draytek ≫ Vigor2862ac Version-

Draytek ≫ Vigor2862vac Firmware Version < 3.9.9.1

Draytek ≫ Vigor2862vac Version-

Draytek ≫ Vigor2862b Firmware Version < 3.9.9.1

Draytek ≫ Vigor2862b Version-

Draytek ≫ Vigor2862bn Firmware Version < 3.9.9.1

Draytek ≫ Vigor2862bn Version-

Draytek ≫ Vigor2862l Firmware Version < 3.9.9.1

Draytek ≫ Vigor2862l Version-

Draytek ≫ Vigor2862ln Firmware Version < 3.9.9.1

Draytek ≫ Vigor2862ln Version-

Draytek ≫ Vigor2862lac Firmware Version < 3.9.9.1

Draytek ≫ Vigor2862lac Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.78%	0.823

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.draytek.com/about/security-advisory/cross-site-scripting-vulnerability-%28cve-2023-23313%29/

Vendor Advisory

https://www.horizonconsulting.com/advisories23-Multiple-XSS-Stored-in-DrayTek-routers-CVE-2023-23313

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-23313

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-23313

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-23313

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-23313