Incorrect Control over DrayTek Vigor Router

condignly Overview :
On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.

On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.

http://schottremovals.co.uk/david-l-1662017/ Affected Product(s) :
  • DrayTek Vigor2925 devices with firmware 3.8.4.3
Vulnerability Details :
CVE ID : CVE-2019-16533
Incorrect Access Control exists in loginset.htm
CVE ID : CVE-2019-16534
XSS exists via a crafted WAN name on the General Setup screen

Solution : update to the latest version

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-32460 : DELL POWEREDGE PLATFORM PRIOR 2.20.1 BIOS MISSING AUTHENTICATION

CVE-2023-32460 : DELL POWEREDGE PLATFORM PRIOR 2.20.1 BIOS MISSING AUTHENTICATION

Description Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability,

CVE-2023-6514 : HUAWEI AJMD-370S 103.1.0.110(SP12C00E2R1P2) BLUETOOTH MODULE LOGIC ERROR

CVE-2023-6514 : HUAWEI AJMD-370S 103.1.0.110(SP12C00E2R1P2) BLUETOOTH MODULE LOGIC ERROR

Description The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this

CVE-2023-22523 : ATLASSIAN ASSETS DISCOVERY CLOUD ASSETS DISCOVERY AGENT REMOTE CODE EXECUTION

CVE-2023-22523 : ATLASSIAN ASSETS DISCOVERY CLOUD ASSETS DISCOVERY AGENT REMOTE CODE EXECUTION

Description This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets