CVE-2023-23313

Published: Mar 3, 2023Modified: Oct 7, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.

Affected (91)

Draytek

91 products

Vigor2860 Firmware

Vigor2860n Firmware

Vigor2860n Plus Firmware

Vigor2860vn Plus Firmware

Vigor2860ac Firmware

Vigor2860vac Firmware

Vigor2766vac Firmware

Vigor2762vac Firmware

Vigor2135 Firmware

Vigor2135ax Firmware

Vigor2135ac Firmware

Vigor2135vac Firmware

Vigor2135fvac Firmware

Vigor2133 Firmware

Vigor2133n Firmware

Vigor2133ac Firmware

Vigor2133vac Firmware

Vigor2133fvac Firmware

Vigor166 Firmware

Vigor165 Firmware

Vigor130 Firmware

Vigornic 132 Firmware

Vigor2927vac Firmware

Vigor2927f Firmware

Vigor2927l Firmware

Vigor2927lac Firmware

Vigor2926 Firmware

Vigor2926n Firmware

Vigor2926ac Firmware

Vigor2926vac Firmware

Vigor2926l Firmware

Vigor2926ln Firmware

Vigor2926lac Firmware

Vigor2925 Firmware

Vigor2925n Firmware

Vigor2925n Plus Firmware

Vigor2925vn Plus Firmware

Vigor2925ac Firmware

Vigor2925vac Firmware

Vigor2866vac Firmware

Vigor2866l Firmware

Vigor2866lac Firmware

Vigor2865 Firmware

Vigor2865ax Firmware

Vigor2865ac Firmware

Vigor2865vac Firmware

Vigor2865l Firmware

Vigor2865lac Firmware

Vigor2862 Firmware

Vigor2862n Firmware

Vigor2862ac Firmware

Vigor2862vac Firmware

Vigor2862lac Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2860 Firmware	Before 3.9.4

Running on/with	Platform Versions
Draytek Vigor2860	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2860n Firmware	Before 3.9.4

Running on/with	Platform Versions
Draytek Vigor2860n	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2860n Plus Firmware	Before 3.9.4

Running on/with	Platform Versions
Draytek Vigor2860n Plus	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2860vn Plus Firmware	Before 3.9.4

Running on/with	Platform Versions
Draytek Vigor2860vn Plus	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2860ac Firmware	Before 3.9.4

Running on/with	Platform Versions
Draytek Vigor2860ac	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2860vac Firmware	Before 3.9.4

Running on/with	Platform Versions
Draytek Vigor2860vac	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2860l Firmware	Before 3.9.4

Running on/with	Platform Versions
Draytek Vigor2860l	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2860ln Firmware	Before 3.9.4

Running on/with	Platform Versions
Draytek Vigor2860ln	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2832 Firmware	Before 3.9.6.3

Running on/with	Platform Versions
Draytek Vigor2832	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2832n Firmware	Before 3.9.6.3

Running on/with	Platform Versions
Draytek Vigor2832n	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2766 Firmware	Before 4.4.2.1

Running on/with	Platform Versions
Draytek Vigor2766	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2766ax Firmware	Before 4.4.2.1

Running on/with	Platform Versions
Draytek Vigor2766ax	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2766ac Firmware	Before 4.4.2.1

Running on/with	Platform Versions
Draytek Vigor2766ac	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2766vac Firmware	Before 4.4.2.1

Running on/with	Platform Versions
Draytek Vigor2766vac	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2765 Firmware	Before 4.4.2.1

Running on/with	Platform Versions
Draytek Vigor2765	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2765ax Firmware	Before 4.4.2.1

Running on/with	Platform Versions
Draytek Vigor2765ax	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2765ac Firmware	Before 4.4.2.1

Running on/with	Platform Versions
Draytek Vigor2765ac	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2765va Firmware	Before 4.4.2.1

Running on/with	Platform Versions
Draytek Vigor2765va	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2763 Firmware	Before 4.4.2.2

Running on/with	Platform Versions
Draytek Vigor2763	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2763ac Firmware	Before 4.4.2.2

Running on/with	Platform Versions
Draytek Vigor2763ac	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2762 Firmware	Before 3.9.6.5

Running on/with	Platform Versions
Draytek Vigor2762	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2762n Firmware	Before 3.9.6.5

Running on/with	Platform Versions
Draytek Vigor2762n	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2762ac Firmware	Before 3.9.6.5

Running on/with	Platform Versions
Draytek Vigor2762ac	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2762vac Firmware	Before 3.9.6.5

Running on/with	Platform Versions
Draytek Vigor2762vac	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2135 Firmware	Before 4.4.2.1

Running on/with	Platform Versions
Draytek Vigor2135	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2135ax Firmware	Before 4.4.2.1

Running on/with	Platform Versions
Draytek Vigor2135ax	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2135ac Firmware	Before 4.4.2.1

Running on/with	Platform Versions
Draytek Vigor2135ac	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2135vac Firmware	Before 4.4.2.1

Running on/with	Platform Versions
Draytek Vigor2135vac	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2135fvac Firmware	Before 4.4.2.1

Running on/with	Platform Versions
Draytek Vigor2135fvac	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2133 Firmware	Before 3.9.6.5

Running on/with	Platform Versions
Draytek Vigor2133	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2133n Firmware	Before 3.9.6.5

Running on/with	Platform Versions
Draytek Vigor2133n	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2133ac Firmware	Before 3.9.6.5

Running on/with	Platform Versions
Draytek Vigor2133ac	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2133vac Firmware	Before 3.9.6.5

Running on/with	Platform Versions
Draytek Vigor2133vac	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2133fvac Firmware	Before 3.9.6.5

Running on/with	Platform Versions
Draytek Vigor2133fvac	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor166 Firmware	Before 4.2.4.1

Running on/with	Platform Versions
Draytek Vigor166	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor165 Firmware	Before 4.2.4.1

Running on/with	Platform Versions
Draytek Vigor165	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor130 Firmware	Before 3.8.5.1

Running on/with	Platform Versions
Draytek Vigor130	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigornic 132 Firmware	Before 3.8.5.1

Running on/with	Platform Versions
Draytek Vigornic 132	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor3910 Firmware	Before 4.3.2.2

Running on/with	Platform Versions
Draytek Vigor3910	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor3220 Firmware	Before 3.9.7.4

Running on/with	Platform Versions
Draytek Vigor3220	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2962 Firmware	Before 4.3.2.2

Running on/with	Platform Versions
Draytek Vigor2962	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2962p Firmware	Before 4.3.2.2

Running on/with	Platform Versions
Draytek Vigor2962p	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor1000b Firmware	Before 4.3.2.2

Running on/with	Platform Versions
Draytek Vigor1000b	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2952 Firmware	Before 3.9.7.4

Running on/with	Platform Versions
Draytek Vigor2952	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2952p Firmware	Before 3.9.7.4

Running on/with	Platform Versions
Draytek Vigor2952p	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2927 Firmware	Before 4.4.2.3

Running on/with	Platform Versions
Draytek Vigor2927	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2927ax Firmware	Before 4.4.2.3

Running on/with	Platform Versions
Draytek Vigor2927ax	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2927ac Firmware	Before 4.4.2.3

Running on/with	Platform Versions
Draytek Vigor2927ac	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2927vac Firmware	Before 4.4.2.3

Running on/with	Platform Versions
Draytek Vigor2927vac	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2927f Firmware	Before 4.4.2.3

Running on/with	Platform Versions
Draytek Vigor2927f	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2927l Firmware	Before 4.4.2.3

Running on/with	Platform Versions
Draytek Vigor2927l	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2927lac Firmware	Before 4.4.2.3

Running on/with	Platform Versions
Draytek Vigor2927lac	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2926 Firmware	Before 3.9.9.1

Running on/with	Platform Versions
Draytek Vigor2926	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2926n Firmware	Before 3.9.9.1

Running on/with	Platform Versions
Draytek Vigor2926n	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2926ac Firmware	Before 3.9.9.1

Running on/with	Platform Versions
Draytek Vigor2926ac	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2926vac Firmware	Before 3.9.9.1

Running on/with	Platform Versions
Draytek Vigor2926vac	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2926l Firmware	Before 3.9.9.1

Running on/with	Platform Versions
Draytek Vigor2926l	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2926ln Firmware	Before 3.9.9.1

Running on/with	Platform Versions
Draytek Vigor2926ln	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2926lac Firmware	Before 3.9.9.1

Running on/with	Platform Versions
Draytek Vigor2926lac	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2925 Firmware	Before 3.9.4

Running on/with	Platform Versions
Draytek Vigor2925	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2925n Firmware	Before 3.9.4

Running on/with	Platform Versions
Draytek Vigor2925n	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2925n Plus Firmware	Before 3.9.4

Running on/with	Platform Versions
Draytek Vigor2925n Plus	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2925vn Plus Firmware	Before 3.9.4

Running on/with	Platform Versions
Draytek Vigor2925vn Plus	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2925ac Firmware	Before 3.9.4

Running on/with	Platform Versions
Draytek Vigor2925ac	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2925vac Firmware	Before 3.9.4

Running on/with	Platform Versions
Draytek Vigor2925vac	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2925fn Firmware	Before 3.9.4

Running on/with	Platform Versions
Draytek Vigor2925fn	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2925l Firmware	Before 3.9.4

Running on/with	Platform Versions
Draytek Vigor2925l	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2925ln Firmware	Before 3.9.4

Running on/with	Platform Versions
Draytek Vigor2925ln	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2915 Firmware	Before 4.4.2.1

Running on/with	Platform Versions
Draytek Vigor2915	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2915ac Firmware	Before 4.4.2.1

Running on/with	Platform Versions
Draytek Vigor2915ac	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2866 Firmware	Before 4.4.1.1

Running on/with	Platform Versions
Draytek Vigor2866	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2866ax Firmware	Before 4.4.1.1

Running on/with	Platform Versions
Draytek Vigor2866ax	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2866ac Firmware	Before 4.4.1.1

Running on/with	Platform Versions
Draytek Vigor2866ac	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2866vac Firmware	Before 4.4.1.1

Running on/with	Platform Versions
Draytek Vigor2866vac	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2866l Firmware	Before 4.4.1.1

Running on/with	Platform Versions
Draytek Vigor2866l	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2866lac Firmware	Before 4.4.1.1

Running on/with	Platform Versions
Draytek Vigor2866lac	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2865 Firmware	Before 4.4.1.1

Running on/with	Platform Versions
Draytek Vigor2865	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2865ax Firmware	Before 4.4.1.1

Running on/with	Platform Versions
Draytek Vigor2865ax	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2865ac Firmware	Before 4.4.1.1

Running on/with	Platform Versions
Draytek Vigor2865ac	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2865vac Firmware	Before 4.4.1.1

Running on/with	Platform Versions
Draytek Vigor2865vac	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2865l Firmware	Before 4.4.1.1

Running on/with	Platform Versions
Draytek Vigor2865l	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2865lac Firmware	Before 4.4.1.1

Running on/with	Platform Versions
Draytek Vigor2865lac	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2862 Firmware	Before 3.9.9.1

Running on/with	Platform Versions
Draytek Vigor2862	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2862n Firmware	Before 3.9.9.1

Running on/with	Platform Versions
Draytek Vigor2862n	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2862ac Firmware	Before 3.9.9.1

Running on/with	Platform Versions
Draytek Vigor2862ac	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2862vac Firmware	Before 3.9.9.1

Running on/with	Platform Versions
Draytek Vigor2862vac	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2862b Firmware	Before 3.9.9.1

Running on/with	Platform Versions
Draytek Vigor2862b	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2862bn Firmware	Before 3.9.9.1

Running on/with	Platform Versions
Draytek Vigor2862bn	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2862l Firmware	Before 3.9.9.1

Running on/with	Platform Versions
Draytek Vigor2862l	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2862ln Firmware	Before 3.9.9.1

Running on/with	Platform Versions
Draytek Vigor2862ln	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2862lac Firmware	Before 3.9.9.1

Running on/with	Platform Versions
Draytek Vigor2862lac	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://www.draytek.com/about/security-advisory/cross-site-scripting-vulnerability-%28cve-2023-23313%29/

Source: cve@mitre.org

Vendor Advisory

https://www.horizonconsulting.com/advisories23-Multiple-XSS-Stored-in-DrayTek-routers-CVE-2023-23313

Source: cve@mitre.org

Third Party Advisory

https://www.draytek.com/about/security-advisory/cross-site-scripting-vulnerability-%28cve-2023-23313%29/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.horizonconsulting.com/advisories23-Multiple-XSS-Stored-in-DrayTek-routers-CVE-2023-23313

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.