Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

vigor2926l_firmware

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2023-23313
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.77% / 82.33%
||
7 Day CHG~0.00%
Published-03 Mar, 2023 | 00:00
Updated-07 Oct, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor2860vacvigor2133acvigor2135fvacvigor2865_firmwarevigor2865ac_firmwarevigor2135ax_firmwarevigor2926_firmwarevigor2952pvigor2926nvigor2927vacvigor2862bvigor2927l_firmwarevigor2927f_firmwarevigor2962pvigor2925n-plus_firmwarevigor166_firmwarevigor2766vigor2862ln_firmwarevigor2860acvigor2925ac_firmwarevigor2765_firmwarevigor2865acvigor2135acvigor2925vac_firmwarevigor2860vn-plusvigor2866ac_firmwarevigor2952p_firmwarevigor2766acvigor2927acvigor2766ax_firmwarevigor2762nvigor2862acvigor2832nvigor2862lnvigor2865vigor2925n_firmwarevigor2862vigor2925vigor2926l_firmwarevigor2860nvigor2915ac_firmwarevigor2860n-plus_firmwarevigor2866lacvigor2925ln_firmwarevigor2763acvigor2952vigor2765ac_firmwarevigor2133fvacvigor2133n_firmwarevigor2927_firmwarevigornic_132vigor2926lacvigor2927ac_firmwarevigor2926lvigor2925n-plusvigor2925acvigor2862bn_firmwarevigor2135axvigor2862bnvigor2762n_firmwarevigor2865lac_firmwarevigor2962p_firmwarevigor2927axvigor2925nvigor2927vigor2952_firmwarevigor2763_firmwarevigor2862ac_firmwarevigor2860vn-plus_firmwarevigor2762acvigor2762vac_firmwarevigor2862lacvigor2927vac_firmwarevigor2862lvigor2865vacvigor2765vigor165vigor2133ac_firmwarevigor2865l_firmwarevigor2865lvigor2765ax_firmwarevigor2926acvigor3220_firmwarevigor2860lvigor2915acvigor2962_firmwarevigor2862vac_firmwarevigor2135fvac_firmwarevigor2865ax_firmwarevigor2862vacvigor3220vigor2832n_firmwarevigor2925_firmwarevigor1000bvigor2865axvigor2763ac_firmwarevigor2765va_firmwarevigor2866l_firmwarevigor2915_firmwarevigor2766vacvigor2766_firmwarevigor2927ax_firmwarevigor2926n_firmwarevigor2925vacvigor2862_firmwarevigor2925lnvigor2135vac_firmwarevigor3910vigor166vigor2866vigor2135vacvigor2866acvigor2133vigor2925vn-plus_firmwarevigor2762ac_firmwarevigor2860lnvigor2766ac_firmwarevigornic_132_firmwarevigor2135vigor130_firmwarevigor2860l_firmwarevigor2860n-plusvigor2765axvigor2135ac_firmwarevigor2927lacvigor2926lnvigor130vigor2766vac_firmwarevigor2927fvigor2133_firmwarevigor2133fvac_firmwarevigor2860ac_firmwarevigor2860_firmwarevigor165_firmwarevigor2866ax_firmwarevigor2832_firmwarevigor2926vac_firmwarevigor2866_firmwarevigor2926ln_firmwarevigor2862n_firmwarevigor2762_firmwarevigor2766axvigor2860n_firmwarevigor2927lac_firmwarevigor2765acvigor2865lacvigor2763vigor2925vn-plusvigor2762vacvigor2135_firmwarevigor2133vac_firmwarevigor2925lvigor2926vigor2866vacvigor2925fnvigor1000b_firmwarevigor2927lvigor2765vavigor2926lac_firmwarevigor2762vigor2865vac_firmwarevigor2133nvigor2860vac_firmwarevigor2862nvigor2862l_firmwarevigor2866axvigor3910_firmwarevigor2866lac_firmwarevigor2926vacvigor2866vac_firmwarevigor2832vigor2925l_firmwarevigor2862lac_firmwarevigor2926ac_firmwarevigor2962vigor2860vigor2133vacvigor2860ln_firmwarevigor2925fn_firmwarevigor2866lvigor2862b_firmwarevigor2915n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-32548
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-59.25% / 98.19%
||
7 Day CHG~0.00%
Published-29 Aug, 2022 | 05:38
Updated-03 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor2866ax_firmwarevigor165_firmwarevigor2927vacvigor2952p_firmwarevigor2865_firmwarevigor3910_firmwarevigor2762vacvigor3220_firmwarevigor2927vigor2915ac_firmwarevigor2766vacvigor2865vac_firmwarevigor2862acvigor2926vac_firmwarevigor2133ac_firmwarevigor2862b_firmwarevigor2133acvigor2862bn_firmwarevigor2762vigor2862lvigor2135vigor2865lac_firmwarevigor2862bvigor166_firmwarevigor1000b_firmwarevigor2862ln_firmwarevigor166vigor2866acvigor2866vacvigor2962p_firmwarevigor2135vac_firmwarevigor2927vac_firmwarevigor2133vacvigor2927l_firmwarevigor2133fvacvigor2133n_firmwarevigor3910vigor2862lnvigor1000bvigor2962pvigor2620l_firmwarevigor2766vac_firmwarevigor2862vacvigor2926n_firmwarevigor2927lacvigorlte_200n_firmwarevigor2865lvigor2866lvigor2865acvigor2620lnvigor2862nvigor2862l_firmwarevigor2766_firmwarevigor2762nvigor2865lacvigor2926vacvigor2765ac_firmwarevigor2926lac_firmwarevigor2926nvigor2762acvigor2135vacvigor2927ax_firmwarevigor2135acvigor3220vigor2927acvigor2866lac_firmwarevigor2952_firmwarevigor2766ac_firmwarevigor2620ln_firmwarevigor2133vac_firmwarevigor2766vigor2866_firmwarevigor2915vigor2926vigor2926ac_firmwarevigor2862vigorlte_200nvigor2865ax_firmwarevigor2866vigor2862lac_firmwarevigor2133vigor2952vigor2862bnvigor2927_firmwarevigor2962vigor2762ac_firmwarevigor2866l_firmwarevigor2135fvacvigor2762_firmwarevigor2926l_firmwarevigor2926lvigor2765acvigor2765vac_firmwarevigor2762vac_firmwarevigor2765vacvigor2926acvigor2915_firmwarevigor2862n_firmwarevigor2762n_firmwarevigor2866axvigor2133fvac_firmwarevigor2620lvigor2766acvigor2926_firmwarevigor2862ac_firmwarevigor2915acvigor2927lac_firmwarevigor2865vigor2962_firmwarevigor2133nvigor2135fvac_firmwarevigor2765vigor2832vigor2862vac_firmwarevigor2952pvigor2926lacvigor2133_firmwarevigor2765_firmwarevigor2865l_firmwarevigor2865ac_firmwarevigor2135_firmwarevigor2865axvigor2832_firmwarevigor2866lacvigor2866vac_firmwarevigor2862lacvigor2866ac_firmwarevigor2865vacvigor2927axvigor2862_firmwarevigor2135ac_firmwarevigor2927lvigor165vigor2926lnvigor2927ac_firmwarevigor2926ln_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')