PT-2018-5334 · Draytek · Draytek Vigor Ap910C
Published
2018-03-06
·
Updated
2021-06-03
·
CVE-2017-11650
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
DrayTek Vigor AP910C version 1.2.0 RC3 build r6594
Description
The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via vectors involving the home.asp page. This could potentially lead to unauthorized access or control of the device.
Recommendations
For DrayTek Vigor AP910C version 1.2.0 RC3 build r6594, consider disabling access to the home.asp page until a patch is available to prevent exploitation of the XSS vulnerability.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Draytek Vigor Ap910C