Vulnerabilities > Draytek
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-20 | CVE-2019-16534 | Cross-site Scripting vulnerability in Draytek Vigor2925 Firmware 3.8.4.3 On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. | 4.3 |
| 2019-09-20 | CVE-2019-16533 | Cross-site Scripting vulnerability in Draytek Vigor2925 Firmware 3.8.4.3 On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. | 4.3 |
| 2018-03-07 | CVE-2017-11650 | Cross-site Scripting vulnerability in Draytek Vigorap 910C Firmware 1.2.0 Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to inject arbitrary web script or HTML via vectors involving home.asp. | 4.3 |
| 2018-03-07 | CVE-2017-11649 | Cross-Site Request Forgery (CSRF) vulnerability in Draytek Vigorap 910C Firmware 1.2.0 Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors involving goform/setSnmp. | 6.8 |
| 2013-10-22 | CVE-2013-5703 | OS Command Injection vulnerability in Draytek Vigor 2700 Router and Vigor 2700 Router Firmware The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js. | 6.8 |