CVE-2013-5703

Published: Oct 22, 2013Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js.

Affected (2)

Products: Draytek: Vigor 2700 Router Firmware, Vigor 2700 Router

2 products

Vigor 2700 Router Firmware

Vigor 2700 Router

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Draytek Vigor 2700 Router Firmware	Version 2.8.3
Draytek Vigor 2700 Router	All versions

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

http://www.kb.cert.org/vuls/id/101462

Source: cve@mitre.org

US Government Resource

http://www.kb.cert.org/vuls/id/101462

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.