Vulnerability Description
On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Draytek | Vigor2925 Firmware | 3.8.4.3 |
| Draytek | Vigor 2925 | - |
| Draytek | Vigor 2925N | - |
| Draytek | Vigor2925Ac | - |
| Draytek | Vigor2925Fn | - |
| Draytek | Vigor2925N-Plus | - |
| Draytek | Vigor2925Vac | - |
| Draytek | Vigor2925Vn-Plus | - |
Related Weaknesses (CWE)
References
- https://www.draytek.com/about/security-advisory/urgent-security-updates-to-drayt
- https://www.facebook.com/Huang.YuHsiang.Phone/posts/1815316691945755Third Party Advisory
- https://www.draytek.com/about/security-advisory/urgent-security-updates-to-drayt
- https://www.facebook.com/Huang.YuHsiang.Phone/posts/1815316691945755Third Party Advisory
FAQ
What is CVE-2019-16533?
CVE-2019-16533 is a vulnerability with a CVSS score of 6.1 (MEDIUM). On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.
How severe is CVE-2019-16533?
CVE-2019-16533 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-16533?
Check the references section above for vendor advisories and patch information. Affected products include: Draytek Vigor2925 Firmware, Draytek Vigor 2925, Draytek Vigor 2925N, Draytek Vigor2925Ac, Draytek Vigor2925Fn.