Vulnerability Details CVE-2019-16533
On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://www.draytek.com/about/security-advisory/urgent-security-updates-to-draytek-routers
- https://www.facebook.com/Huang.YuHsiang.Phone/posts/1815316691945755
- https://www.draytek.com/about/security-advisory/urgent-security-updates-to-draytek-routers
- https://www.facebook.com/Huang.YuHsiang.Phone/posts/1815316691945755
Products affected by CVE-2019-16533
-
cpe:2.3:h:draytek:vigor2925ac:-
-
cpe:2.3:h:draytek:vigor2925fn:-
-
cpe:2.3:h:draytek:vigor2925n-plus:-
-
cpe:2.3:h:draytek:vigor2925vac:-
-
cpe:2.3:h:draytek:vigor2925vn-plus:-
-
cpe:2.3:h:draytek:vigor_2925:-
-
cpe:2.3:h:draytek:vigor_2925n:-
-
cpe:2.3:o:draytek:vigor2925_firmware:3.8.4.3