Juraj Kosik

**Name of the Vulnerable Software and Affected Versions** DrayTek Vigor 2700 router version 2.8.3 **Description** The issue allows remote attackers to execute arbitrary JavaScript code and modify settings or the DNS cache. This is achieved by using a crafted SSID value that is not properly handled during insertion into the `sWlessSurvey` value in `variables.js`. **Recommendations** For DrayTek Vigor 2700 router version 2.8.3, consider restricting access to the `variables.js` file or the `sWlessSurvey` value to minimize the risk of exploitation. Avoid using crafted SSID values until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.