Vulnerability Description
On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Draytek | Vigor2925 Firmware | 3.8.4.3 |
| Draytek | Vigor 2925 | - |
| Draytek | Vigor 2925N | - |
| Draytek | Vigor2925Ac | - |
| Draytek | Vigor2925Fn | - |
| Draytek | Vigor2925N-Plus | - |
| Draytek | Vigor2925Vac | - |
| Draytek | Vigor2925Vn-Plus | - |
Related Weaknesses (CWE)
References
- https://www.draytek.com/about/security-advisory/urgent-security-updates-to-drayt
- https://www.facebook.com/Huang.YuHsiang.Phone/posts/1815316691945755 (Third Party Advisory)
FAQ
What is CVE-2019-16534?
CVE-2019-16534 is a vulnerability with a CVSS score of 6.1 (MEDIUM). On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.
How severe is CVE-2019-16534?
CVE-2019-16534 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-16534?
Check the references section above for vendor advisories and patch information. Affected products include: Draytek Vigor2925 Firmware, Draytek Vigor 2925, Draytek Vigor 2925N, Draytek Vigor2925Ac, Draytek Vigor2925Fn.