VYPR
Unrated severityNVD Advisory· Published Mar 3, 2023· Updated Mar 7, 2025

CVE-2023-23313

CVE-2023-23313

Description

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Draytek/Draytek Vigor3910, Vigor1000B, Vigor2962, Vigor2865, Vigor2866, Vigor2927, Vigor2915, Vigor2765, Vigor2766, Vigor2135, Vigor2763, Vigor2862, Vigor2962, Vigor2926, Vigor2925, Vigor2952, Vigor3220, Vigor2133, Vigor2762, Vigor2832description
  • Range: v4.4.1.0
  • Range: v4.3.2.1
  • Range: v4.3.2.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.