On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.
References
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2019-09-20 16:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-16533
Mitre link : CVE-2019-16533
CVE.ORG link : CVE-2019-16533
JSON object : View
Products Affected
draytek
- vigor_2925
- vigor2925vac
- vigor2925fn
- vigor2925_firmware
- vigor2925n-plus
- vigor2925vn-plus
- vigor2925ac
- vigor_2925n
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')