Skip to main content

Vigor2762Vac Firmware

2 CVEs product

Monthly

CVE-2023-23313 MEDIUM This Month

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor2860 Firmware Vigor2860N Firmware Vigor2860N Plus Firmware Vigor2860Vn Plus Firmware +87
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-32548 CRITICAL POC THREAT Act Now

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vigor3910 Firmware Vigor1000B Firmware Vigor2962 Firmware Vigor2962P Firmware +64
NVD
CVSS 3.1
9.8
EPSS
33.8%
EPSS 0% CVSS 6.1
MEDIUM This Month

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor2860 Firmware Vigor2860N Firmware +89
NVD
EPSS 34% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vigor3910 Firmware Vigor1000B Firmware +66
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy