PT-2023-18903 · Draytek · Vigor2866+18
Published: 2023-03-03 · Updated: 2025-10-07 · CVE-2023-23313
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Vigor3910 version 4.3.2.1
Vigor1000B version 4.3.2.1
Vigor2962 version 4.3.2.1
Vigor2865 version 4.4.1.0
Vigor2866 version 4.4.1.0
Vigor2927 version 4.4.2.2
Vigor2915 version 4.4.2.0
Vigor2765 version 4.4.2.0
Vigor2766 version 4.4.2.0
Vigor2135 version 4.4.2.0
Vigor2763 version 4.4.2.1
Vigor2862 version 3.9.9.0
Vigor2926 version 3.9.9.0
Vigor2925 version 3.9.3
Vigor2952 version 3.9.7.3
Vigor3220 version 3.9.7.3
Vigor2133 version 3.9.6.4
Vigor2762 version 3.9.6.4
Vigor2832 version 3.9.6.2
Description
The issue is related to Cross Site Scripting (XSS) via the wlogin.cgi script and user login.cgi script of the router's web application management portal.
Recommendations
For Vigor3910 version 4.3.2.1, consider disabling the wlogin.cgi and user login.cgi scripts until a patch is available.
For Vigor1000B version 4.3.2.1, consider disabling the wlogin.cgi and user login.cgi scripts until a patch is available.
For Vigor2962 version 4.3.2.1, consider disabling the wlogin.cgi and user login.cgi scripts until a patch is available.
For Vigor2865 version 4.4.1.0, consider disabling the wlogin.cgi and user login.cgi scripts until a patch is available.
For Vigor2866 version 4.4.1.0, consider disabling the wlogin.cgi and user login.cgi scripts until a patch is available.
For Vigor2927 version 4.4.2.2, consider disabling the wlogin.cgi and user login.cgi scripts until a patch is available.
For Vigor2915 version 4.4.2.0, consider disabling the wlogin.cgi and user login.cgi scripts until a patch is available.
For Vigor2765 version 4.4.2.0, consider disabling the wlogin.cgi and user login.cgi scripts until a patch is available.
For Vigor2766 version 4.4.2.0, consider disabling the wlogin.cgi and user login.cgi scripts until a patch is available.
For Vigor2135 version 4.4.2.0, consider disabling the wlogin.cgi and user login.cgi scripts until a patch is available.
For Vigor2763 version 4.4.2.1, consider disabling the wlogin.cgi and user login.cgi scripts until a patch is available.
For Vigor2862 version 3.9.9.0, consider disabling the wlogin.cgi and user login.cgi scripts until a patch is available.
For Vigor2926 version 3.9.9.0, consider disabling the wlogin.cgi and user login.cgi scripts until a patch is available.
For Vigor2925 version 3.9.3, consider disabling the wlogin.cgi and user login.cgi scripts until a patch is available.
For Vigor2952 version 3.9.7.3, consider disabling the wlogin.cgi and user login.cgi scripts until a patch is available.
For Vigor3220 version 3.9.7.3, consider disabling the wlogin.cgi and user login.cgi scripts until a patch is available.
For Vigor2133 version 3.9.6.4, consider disabling the wlogin.cgi and user login.cgi scripts until a patch is available.
For Vigor2762 version 3.9.6.4, consider disabling the wlogin.cgi and user login.cgi scripts until a patch is available.
For Vigor2832 version 3.9.6.2, consider disabling the wlogin.cgi and user login.cgi scripts until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Affected Products
Vigor1000B
Vigor2133
Vigor2135
Vigor2762
Vigor2763
Vigor2765
Vigor2766
Vigor2832
Vigor2862
Vigor2865
Vigor2866
Vigor2915
Vigor2925
Vigor2926
Vigor2927
Vigor2952
Vigor2962
Vigor3220
Vigor3910