Skip to main content

Vigor2832N Firmware

2 CVEs product

Monthly

CVE-2023-33778 CRITICAL POC Act Now

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Myvigor Vigorswitch Pq2200Xb Firmware Vigorswitch Pq2121X Firmware Vigorswitch P2540Xs Firmware +68
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-23313 MEDIUM This Month

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor2860 Firmware Vigor2860N Firmware Vigor2860N Plus Firmware Vigor2860Vn Plus Firmware +87
NVD
CVSS 3.1
6.1
EPSS
0.4%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Myvigor Vigorswitch Pq2200Xb Firmware +70
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor2860 Firmware Vigor2860N Firmware +89
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy