PT-2019-14691 · Draytek · Draytek Vigor 2925
Publicado
2019-09-20
·
Atualizado
2020-04-06
·
CVE-2019-16533
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
DrayTek Vigor2925 version 3.8.4.3
Description
The issue is related to Incorrect Access Control in the loginset.htm page, which can be exploited to trigger a Cross-Site Scripting (XSS) attack.
Recommendations
For DrayTek Vigor2925 version 3.8.4.3, consider disabling access to the loginset.htm page as a temporary workaround until a patch is available. However, since this is an end-of-life product, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Draytek Vigor 2925