🛡️ CVE-2023-23313
🟡 CVSS 6.1 — Medium ✅ No Known Exploit CWE-79 NVD
6.1
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.

Details

Severity MEDIUM
CVSS Score 6.1
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE CWE-79
Public Exploit ✅ No
Source NVD
Published 2023-03-03
Updated 2026-06-08
Modified 2025-10-07
Fix URL N/A

Affected Packages

Software From version Fixed in
vigor1000b-firmware 4.3.2.2
vigor130-firmware 3.8.5.1
vigor165-firmware 4.2.4.1
vigor166-firmware 4.2.4.1
vigor2133-firmware 3.9.6.5
vigor2133ac-firmware 3.9.6.5
vigor2133fvac-firmware 3.9.6.5
vigor2133n-firmware 3.9.6.5
vigor2133vac-firmware 3.9.6.5
vigor2135-firmware 4.4.2.1
vigor2135ac-firmware 4.4.2.1
vigor2135ax-firmware 4.4.2.1
vigor2135fvac-firmware 4.4.2.1
vigor2135vac-firmware 4.4.2.1
vigor2762-firmware 3.9.6.5
vigor2762ac-firmware 3.9.6.5
vigor2762n-firmware 3.9.6.5
vigor2762vac-firmware 3.9.6.5
vigor2763-firmware 4.4.2.2
vigor2763ac-firmware 4.4.2.2
vigor2765-firmware 4.4.2.1
vigor2765ac-firmware 4.4.2.1
vigor2765ax-firmware 4.4.2.1
vigor2765va-firmware 4.4.2.1
vigor2766-firmware 4.4.2.1
vigor2766ac-firmware 4.4.2.1
vigor2766ax-firmware 4.4.2.1
vigor2766vac-firmware 4.4.2.1
vigor2832-firmware 3.9.6.3
vigor2832n-firmware 3.9.6.3
vigor2860-firmware 3.9.4
vigor2860ac-firmware 3.9.4
vigor2860l-firmware 3.9.4
vigor2860ln-firmware 3.9.4
vigor2860n-firmware 3.9.4
vigor2860n-plus-firmware 3.9.4
vigor2860vac-firmware 3.9.4
vigor2860vn-plus-firmware 3.9.4
vigor2862-firmware 3.9.9.1
vigor2862ac-firmware 3.9.9.1
vigor2862b-firmware 3.9.9.1
vigor2862bn-firmware 3.9.9.1
vigor2862l-firmware 3.9.9.1
vigor2862lac-firmware 3.9.9.1
vigor2862ln-firmware 3.9.9.1
vigor2862n-firmware 3.9.9.1
vigor2862vac-firmware 3.9.9.1
vigor2865-firmware 4.4.1.1
vigor2865ac-firmware 4.4.1.1
vigor2865ax-firmware 4.4.1.1
vigor2865l-firmware 4.4.1.1
vigor2865lac-firmware 4.4.1.1
vigor2865vac-firmware 4.4.1.1
vigor2866-firmware 4.4.1.1
vigor2866ac-firmware 4.4.1.1
vigor2866ax-firmware 4.4.1.1
vigor2866l-firmware 4.4.1.1
vigor2866lac-firmware 4.4.1.1
vigor2866vac-firmware 4.4.1.1
vigor2915-firmware 4.4.2.1
vigor2915ac-firmware 4.4.2.1
vigor2925-firmware 3.9.4
vigor2925ac-firmware 3.9.4
vigor2925fn-firmware 3.9.4
vigor2925l-firmware 3.9.4
vigor2925ln-firmware 3.9.4
vigor2925n-firmware 3.9.4
vigor2925n-plus-firmware 3.9.4
vigor2925vac-firmware 3.9.4
vigor2925vn-plus-firmware 3.9.4
vigor2926-firmware 3.9.9.1
vigor2926ac-firmware 3.9.9.1
vigor2926l-firmware 3.9.9.1
vigor2926lac-firmware 3.9.9.1
vigor2926ln-firmware 3.9.9.1
vigor2926n-firmware 3.9.9.1
vigor2926vac-firmware 3.9.9.1
vigor2927-firmware 4.4.2.3
vigor2927ac-firmware 4.4.2.3
vigor2927ax-firmware 4.4.2.3
vigor2927f-firmware 4.4.2.3
vigor2927l-firmware 4.4.2.3
vigor2927lac-firmware 4.4.2.3
vigor2927vac-firmware 4.4.2.3
vigor2952-firmware 3.9.7.4
vigor2952p-firmware 3.9.7.4
vigor2962-firmware 4.3.2.2
vigor2962p-firmware 4.3.2.2
vigor3220-firmware 3.9.7.4
vigor3910-firmware 4.3.2.2
vigornic-132-firmware 3.8.5.1

Similar Threats

Exploit Protection

Help block exploit attempts

BotEraser is designed to detect and help reduce malicious bot traffic that may target known vulnerabilities on your site.

Try BotEraser Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.