CVE-2023-23313

03.03.2023, 22:15

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.

Cross-site Scripting

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.1 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitre	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	6.1 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 37%

Vendor	Product	Version
draytek	vigor2860_firmware	𝑥 < 3.9.4
draytek	vigor2860n_firmware	𝑥 < 3.9.4
draytek	vigor2860n-plus_firmware	𝑥 < 3.9.4
draytek	vigor2860vn-plus_firmware	𝑥 < 3.9.4
draytek	vigor2860ac_firmware	𝑥 < 3.9.4
draytek	vigor2860vac_firmware	𝑥 < 3.9.4
draytek	vigor2860l_firmware	𝑥 < 3.9.4
draytek	vigor2860ln_firmware	𝑥 < 3.9.4
draytek	vigor2832_firmware	𝑥 < 3.9.6.3
draytek	vigor2832n_firmware	𝑥 < 3.9.6.3
draytek	vigor2766_firmware	𝑥 < 4.4.2.1
draytek	vigor2766ax_firmware	𝑥 < 4.4.2.1
draytek	vigor2766ac_firmware	𝑥 < 4.4.2.1
draytek	vigor2766vac_firmware	𝑥 < 4.4.2.1
draytek	vigor2765_firmware	𝑥 < 4.4.2.1
draytek	vigor2765ax_firmware	𝑥 < 4.4.2.1
draytek	vigor2765ac_firmware	𝑥 < 4.4.2.1
draytek	vigor2765va_firmware	𝑥 < 4.4.2.1
draytek	vigor2763_firmware	𝑥 < 4.4.2.2
draytek	vigor2763ac_firmware	𝑥 < 4.4.2.2
draytek	vigor2762_firmware	𝑥 < 3.9.6.5
draytek	vigor2762n_firmware	𝑥 < 3.9.6.5
draytek	vigor2762ac_firmware	𝑥 < 3.9.6.5
draytek	vigor2762vac_firmware	𝑥 < 3.9.6.5
draytek	vigor2135_firmware	𝑥 < 4.4.2.1
draytek	vigor2135ax_firmware	𝑥 < 4.4.2.1
draytek	vigor2135ac_firmware	𝑥 < 4.4.2.1
draytek	vigor2135vac_firmware	𝑥 < 4.4.2.1
draytek	vigor2135fvac_firmware	𝑥 < 4.4.2.1
draytek	vigor2133_firmware	𝑥 < 3.9.6.5
draytek	vigor2133n_firmware	𝑥 < 3.9.6.5
draytek	vigor2133ac_firmware	𝑥 < 3.9.6.5
draytek	vigor2133vac_firmware	𝑥 < 3.9.6.5
draytek	vigor2133fvac_firmware	𝑥 < 3.9.6.5
draytek	vigor166_firmware	𝑥 < 4.2.4.1
draytek	vigor165_firmware	𝑥 < 4.2.4.1
draytek	vigor130_firmware	𝑥 < 3.8.5.1
draytek	vigornic_132_firmware	𝑥 < 3.8.5.1
draytek	virgor3910_firmware	𝑥 < 4.3.2.2
draytek	virgor3220_firmware	𝑥 < 3.9.7.4
draytek	virgor2962_firmware	𝑥 < 4.3.2.2
draytek	virgor2962p_firmware	𝑥 < 4.3.2.2
draytek	virgor1000b_firmware	𝑥 < 4.3.2.2
draytek	virgor2952_firmware	𝑥 < 3.9.7.4
draytek	virgor2952p_firmware	𝑥 < 3.9.7.4
draytek	virgor2927_firmware	𝑥 < 4.4.2.3
draytek	virgor2927ax_firmware	𝑥 < 4.4.2.3
draytek	virgor2927ac_firmware	𝑥 < 4.4.2.3
draytek	virgor2927vac_firmware	𝑥 < 4.4.2.3
draytek	virgor2927f_firmware	𝑥 < 4.4.2.3
draytek	virgor2927l_firmware	𝑥 < 4.4.2.3
draytek	virgor2927lac_firmware	𝑥 < 4.4.2.3
draytek	virgor2926_firmware	𝑥 < 3.9.9.1
draytek	virgor2926n_firmware	𝑥 < 3.9.9.1
draytek	virgor2926ac_firmware	𝑥 < 3.9.9.1
draytek	virgor2926vac_firmware	𝑥 < 3.9.9.1
draytek	virgor2926l_firmware	𝑥 < 3.9.9.1
draytek	virgor2926ln_firmware	𝑥 < 3.9.9.1
draytek	virgor2926lac_firmware	𝑥 < 3.9.9.1
draytek	virgor2925_firmware	𝑥 < 3.9.4
draytek	virgor2925n_firmware	𝑥 < 3.9.4
draytek	virgor2925n-plus_firmware	𝑥 < 3.9.4
draytek	virgor2925vn-plus_firmware	𝑥 < 3.9.4
draytek	virgor2925ac_firmware	𝑥 < 3.9.4
draytek	virgor2925vac_firmware	𝑥 < 3.9.4
draytek	virgor2925fn_firmware	𝑥 < 3.9.4
draytek	virgor2925l_firmware	𝑥 < 3.9.4
draytek	virgor2925ln_firmware	𝑥 < 3.9.4
draytek	virgor2915_firmware	𝑥 < 4.4.2.1
draytek	virgor2915ac_firmware	𝑥 < 4.4.2.1
draytek	virgor2866_firmware	𝑥 < 4.4.1.1
draytek	virgor2866ax_firmware	𝑥 < 4.4.1.1
draytek	virgor2866ac_firmware	𝑥 < 4.4.1.1
draytek	virgor2866vac_firmware	𝑥 < 4.4.1.1
draytek	virgor2866l_firmware	𝑥 < 4.4.1.1
draytek	virgor2866lac_firmware	𝑥 < 4.4.1.1
draytek	virgor2865_firmware	𝑥 < 4.4.1.1
draytek	virgor2865ax_firmware	𝑥 < 4.4.1.1
draytek	virgor2865ac_firmware	𝑥 < 4.4.1.1
draytek	virgor2865vac_firmware	𝑥 < 4.4.1.1
draytek	virgor2865l_firmware	𝑥 < 4.4.1.1
draytek	virgor2865lac_firmware	𝑥 < 4.4.1.1
draytek	virgor2862_firmware	𝑥 < 3.9.9.1
draytek	virgor2862n_firmware	𝑥 < 3.9.9.1
draytek	virgor2862ac_firmware	𝑥 < 3.9.9.1
draytek	virgor2862vac_firmware	𝑥 < 3.9.9.1
draytek	virgor2862b_firmware	𝑥 < 3.9.9.1
draytek	virgor2862bn_firmware	𝑥 < 3.9.9.1
draytek	virgor2862l_firmware	𝑥 < 3.9.9.1
draytek	virgor2862ln_firmware	𝑥 < 3.9.9.1
draytek	virgor2862lac_firmware	𝑥 < 3.9.9.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

https://www.draytek.com/about/security-advisory/cross-site-scripting-vulnerability-%28cve-2023-23313%29/

https://www.horizonconsulting.com/advisories23-Multiple-XSS-Stored-in-DrayTek-routers-CVE-2023-23313

https://www.draytek.com/about/security-advisory/cross-site-scripting-vulnerability-%28cve-2023-23313%29/

https://www.horizonconsulting.com/advisories23-Multiple-XSS-Stored-in-DrayTek-routers-CVE-2023-23313