PT-2019-14691 · Draytek · Draytek Vigor 2925

Published

2019-09-20

Updated

2020-04-06

CVE-2019-16533

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions DrayTek Vigor2925 version 3.8.4.3

Description The issue is related to Incorrect Access Control in the loginset.htm page, which can be exploited to trigger a Cross-Site Scripting (XSS) attack.

Recommendations For DrayTek Vigor2925 version 3.8.4.3, consider disabling access to the loginset.htm page as a temporary workaround until a patch is available. However, since this is an end-of-life product, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-16533

Affected Products

Draytek Vigor 2925

PT-2019-14691 · Draytek · Draytek Vigor 2925

CVE-2019-16533

Weakness Enumeration

Related Identifiers

Affected Products

References · 4