Vulnerabilities > Draytek > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-03 | CVE-2024-41587 | Cross-site Scripting vulnerability in Draytek products Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. | 5.4 |
| 2024-10-03 | CVE-2024-41591 | Cross-site Scripting vulnerability in Draytek products DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. | 6.1 |
| 2023-03-03 | CVE-2023-23313 | Cross-site Scripting vulnerability in Draytek products Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. | 6.1 |
| 2023-03-03 | CVE-2023-1163 | Path Traversal vulnerability in Draytek Vigor 2960 Firmware 1.5.1.4 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. | 6.5 |
| 2023-02-24 | CVE-2023-1009 | Path Traversal vulnerability in Draytek Vigor2960 Firmware 1.5.1.4 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. | 5.5 |
| 2021-10-13 | CVE-2021-20126 | Cross-Site Request Forgery (CSRF) vulnerability in Draytek Vigorconnect 1.6.0 Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | 6.8 |
| 2021-10-13 | CVE-2021-20129 | Information Exposure Through Log Files vulnerability in Draytek Vigorconnect 1.6.0 An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs. | 5.0 |
| 2020-04-15 | CVE-2020-3932 | Information Exposure vulnerability in Draytek Vigorap 910C Firmware 1.3.1 A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage. | 5.0 |
| 2019-09-20 | CVE-2019-16534 | Cross-site Scripting vulnerability in Draytek Vigor2925 Firmware 3.8.4.3 On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. | 4.3 |
| 2019-09-20 | CVE-2019-16533 | Cross-site Scripting vulnerability in Draytek Vigor2925 Firmware 3.8.4.3 On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. | 4.3 |