1. Home
  2. CVE Database
  3. CVE-2020-28968
MEDIUM · 5.4

CVE-2020-28968

Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary we...

Vulnerability Description

Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
DraytekVigorap 1000C Firmware1.3.2
DraytekVigorap 1000C-
DraytekVigorap 700 Firmware1.11
DraytekVigorap 700-
DraytekVigorap 710 Firmware1.2.5
DraytekVigorap 710-
DraytekVigorap 800 Firmware1.1.4
DraytekVigorap 800-
DraytekVigorap 802 Firmware1.3.2
DraytekVigorap 802-
DraytekVigorap 810 Firmware1.2.5
DraytekVigorap 810-
DraytekVigorap 900 Firmware1.2.0
DraytekVigorap 900-
DraytekVigorap 902 Firmware1.2.5
DraytekVigorap 902-
DraytekVigorap 903 Firmware1.3.1
DraytekVigorap 903-
DraytekVigorap 910C Firmware1.2.5
DraytekVigorap 910C-

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2020-28968?

CVE-2020-28968 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary we...

How severe is CVE-2020-28968?

CVE-2020-28968 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-28968?

Check the references section above for vendor advisories and patch information. Affected products include: Draytek Vigorap 1000C Firmware, Draytek Vigorap 1000C, Draytek Vigorap 700 Firmware, Draytek Vigorap 700, Draytek Vigorap 710 Firmware.