Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

vigor2925fn

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2023-23313
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.77% / 82.33%
||
7 Day CHG~0.00%
Published-03 Mar, 2023 | 00:00
Updated-07 Oct, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor2860vacvigor2133acvigor2135fvacvigor2865_firmwarevigor2865ac_firmwarevigor2135ax_firmwarevigor2926_firmwarevigor2952pvigor2926nvigor2927vacvigor2862bvigor2927l_firmwarevigor2927f_firmwarevigor2962pvigor2925n-plus_firmwarevigor166_firmwarevigor2766vigor2862ln_firmwarevigor2860acvigor2925ac_firmwarevigor2765_firmwarevigor2865acvigor2135acvigor2925vac_firmwarevigor2860vn-plusvigor2866ac_firmwarevigor2952p_firmwarevigor2766acvigor2927acvigor2766ax_firmwarevigor2762nvigor2862acvigor2832nvigor2862lnvigor2865vigor2925n_firmwarevigor2862vigor2925vigor2926l_firmwarevigor2860nvigor2915ac_firmwarevigor2860n-plus_firmwarevigor2866lacvigor2925ln_firmwarevigor2763acvigor2952vigor2765ac_firmwarevigor2133fvacvigor2133n_firmwarevigor2927_firmwarevigornic_132vigor2926lacvigor2927ac_firmwarevigor2926lvigor2925n-plusvigor2925acvigor2862bn_firmwarevigor2135axvigor2862bnvigor2762n_firmwarevigor2865lac_firmwarevigor2962p_firmwarevigor2927axvigor2925nvigor2927vigor2952_firmwarevigor2763_firmwarevigor2862ac_firmwarevigor2860vn-plus_firmwarevigor2762acvigor2762vac_firmwarevigor2862lacvigor2927vac_firmwarevigor2862lvigor2865vacvigor2765vigor165vigor2133ac_firmwarevigor2865l_firmwarevigor2865lvigor2765ax_firmwarevigor2926acvigor3220_firmwarevigor2860lvigor2915acvigor2962_firmwarevigor2862vac_firmwarevigor2135fvac_firmwarevigor2865ax_firmwarevigor2862vacvigor3220vigor2832n_firmwarevigor2925_firmwarevigor1000bvigor2865axvigor2763ac_firmwarevigor2765va_firmwarevigor2866l_firmwarevigor2915_firmwarevigor2766vacvigor2766_firmwarevigor2927ax_firmwarevigor2926n_firmwarevigor2925vacvigor2862_firmwarevigor2925lnvigor2135vac_firmwarevigor3910vigor166vigor2866vigor2135vacvigor2866acvigor2133vigor2925vn-plus_firmwarevigor2762ac_firmwarevigor2860lnvigor2766ac_firmwarevigornic_132_firmwarevigor2135vigor130_firmwarevigor2860l_firmwarevigor2860n-plusvigor2765axvigor2135ac_firmwarevigor2927lacvigor2926lnvigor130vigor2766vac_firmwarevigor2927fvigor2133_firmwarevigor2133fvac_firmwarevigor2860ac_firmwarevigor2860_firmwarevigor165_firmwarevigor2866ax_firmwarevigor2832_firmwarevigor2926vac_firmwarevigor2866_firmwarevigor2926ln_firmwarevigor2862n_firmwarevigor2762_firmwarevigor2766axvigor2860n_firmwarevigor2927lac_firmwarevigor2765acvigor2865lacvigor2763vigor2925vn-plusvigor2762vacvigor2135_firmwarevigor2133vac_firmwarevigor2925lvigor2926vigor2866vacvigor2925fnvigor1000b_firmwarevigor2927lvigor2765vavigor2926lac_firmwarevigor2762vigor2865vac_firmwarevigor2133nvigor2860vac_firmwarevigor2862nvigor2862l_firmwarevigor2866axvigor3910_firmwarevigor2866lac_firmwarevigor2926vacvigor2866vac_firmwarevigor2832vigor2925l_firmwarevigor2862lac_firmwarevigor2926ac_firmwarevigor2962vigor2860vigor2133vacvigor2860ln_firmwarevigor2925fn_firmwarevigor2866lvigor2862b_firmwarevigor2915n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-16534
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 46.98%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 15:23
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor2925_firmwarevigor2925vacvigor2925vn-plusvigor2925acvigor2925fnvigor_2925nvigor2925n-plusvigor_2925n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-16533
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 46.98%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 15:22
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor2925_firmwarevigor2925vacvigor2925vn-plusvigor2925acvigor2925fnvigor_2925nvigor2925n-plusvigor_2925n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')