Vulnerabilities > Draytek > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-03 | CVE-2023-23313 | Cross-site Scripting vulnerability in Draytek products Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. | 6.1 |
| 2023-03-03 | CVE-2023-1163 | Path Traversal vulnerability in Draytek Vigor 2960 Firmware 1.5.1.4 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. | 6.5 |
| 2023-02-24 | CVE-2023-1009 | Path Traversal vulnerability in Draytek Vigor2960 Firmware 1.5.1.4 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. | 5.5 |
| 2021-10-13 | CVE-2021-20126 | Cross-Site Request Forgery (CSRF) vulnerability in Draytek Vigorconnect 1.6.0 Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | 6.8 |
| 2021-10-13 | CVE-2021-20129 | Information Exposure Through Log Files vulnerability in Draytek Vigorconnect 1.6.0 An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs. | 5.0 |
| 2020-04-15 | CVE-2020-3932 | Information Exposure vulnerability in Draytek Vigorap 910C Firmware 1.3.1 A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage. | 5.0 |
| 2019-09-20 | CVE-2019-16534 | Cross-site Scripting vulnerability in Draytek Vigor2925 Firmware 3.8.4.3 On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. | 4.3 |
| 2019-09-20 | CVE-2019-16533 | Cross-site Scripting vulnerability in Draytek Vigor2925 Firmware 3.8.4.3 On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. | 4.3 |
| 2018-03-07 | CVE-2017-11650 | Cross-site Scripting vulnerability in Draytek Vigorap 910C Firmware 1.2.0 Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to inject arbitrary web script or HTML via vectors involving home.asp. | 4.3 |
| 2018-03-07 | CVE-2017-11649 | Cross-Site Request Forgery (CSRF) vulnerability in Draytek Vigorap 910C Firmware 1.2.0 Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors involving goform/setSnmp. | 6.8 |