CVE & CISA-KEV Catalog

CVE-2023-23313

MEDIUM
6.1
CVSS v3
NVD

Description

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.

How to fix

Remediation Available
vigor1000b firmwareNVD
Affected:< 4.3.2.2Fixed in:4.3.2.2CVE-2023-23313derived from NVD
vigor130 firmwareNVD
Affected:< 3.8.5.1Fixed in:3.8.5.1CVE-2023-23313derived from NVD
vigor165 firmwareNVD
Affected:< 4.2.4.1Fixed in:4.2.4.1CVE-2023-23313derived from NVD
vigor166 firmwareNVD
Affected:< 4.2.4.1Fixed in:4.2.4.1CVE-2023-23313derived from NVD
vigor2133 firmwareNVD
Affected:< 3.9.6.5Fixed in:3.9.6.5CVE-2023-23313derived from NVD
vigor2133ac firmwareNVD
Affected:< 3.9.6.5Fixed in:3.9.6.5CVE-2023-23313derived from NVD
vigor2133fvac firmwareNVD
Affected:< 3.9.6.5Fixed in:3.9.6.5CVE-2023-23313derived from NVD
vigor2133n firmwareNVD
Affected:< 3.9.6.5Fixed in:3.9.6.5CVE-2023-23313derived from NVD
vigor2133vac firmwareNVD
Affected:< 3.9.6.5Fixed in:3.9.6.5CVE-2023-23313derived from NVD
vigor2135 firmwareNVD
Affected:< 4.4.2.1Fixed in:4.4.2.1CVE-2023-23313derived from NVD
vigor2135ac firmwareNVD
Affected:< 4.4.2.1Fixed in:4.4.2.1CVE-2023-23313derived from NVD
vigor2135ax firmwareNVD
Affected:< 4.4.2.1Fixed in:4.4.2.1CVE-2023-23313derived from NVD
vigor2135fvac firmwareNVD
Affected:< 4.4.2.1Fixed in:4.4.2.1CVE-2023-23313derived from NVD
vigor2135vac firmwareNVD
Affected:< 4.4.2.1Fixed in:4.4.2.1CVE-2023-23313derived from NVD
vigor2762 firmwareNVD
Affected:< 3.9.6.5Fixed in:3.9.6.5CVE-2023-23313derived from NVD
vigor2762ac firmwareNVD
Affected:< 3.9.6.5Fixed in:3.9.6.5CVE-2023-23313derived from NVD
vigor2762n firmwareNVD
Affected:< 3.9.6.5Fixed in:3.9.6.5CVE-2023-23313derived from NVD
vigor2762vac firmwareNVD
Affected:< 3.9.6.5Fixed in:3.9.6.5CVE-2023-23313derived from NVD
vigor2763 firmwareNVD
Affected:< 4.4.2.2Fixed in:4.4.2.2CVE-2023-23313derived from NVD
vigor2763ac firmwareNVD
Affected:< 4.4.2.2Fixed in:4.4.2.2CVE-2023-23313derived from NVD
vigor2765 firmwareNVD
Affected:< 4.4.2.1Fixed in:4.4.2.1CVE-2023-23313derived from NVD
vigor2765ac firmwareNVD
Affected:< 4.4.2.1Fixed in:4.4.2.1CVE-2023-23313derived from NVD
vigor2765ax firmwareNVD
Affected:< 4.4.2.1Fixed in:4.4.2.1CVE-2023-23313derived from NVD
vigor2765va firmwareNVD
Affected:< 4.4.2.1Fixed in:4.4.2.1CVE-2023-23313derived from NVD
vigor2766 firmwareNVD
Affected:< 4.4.2.1Fixed in:4.4.2.1CVE-2023-23313derived from NVD
vigor2766ac firmwareNVD
Affected:< 4.4.2.1Fixed in:4.4.2.1CVE-2023-23313derived from NVD
vigor2766ax firmwareNVD
Affected:< 4.4.2.1Fixed in:4.4.2.1CVE-2023-23313derived from NVD
vigor2766vac firmwareNVD
Affected:< 4.4.2.1Fixed in:4.4.2.1CVE-2023-23313derived from NVD
vigor2832 firmwareNVD
Affected:< 3.9.6.3Fixed in:3.9.6.3CVE-2023-23313derived from NVD
vigor2832n firmwareNVD
Affected:< 3.9.6.3Fixed in:3.9.6.3CVE-2023-23313derived from NVD
vigor2860 firmwareNVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2023-23313derived from NVD
vigor2860ac firmwareNVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2023-23313derived from NVD
vigor2860l firmwareNVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2023-23313derived from NVD
vigor2860ln firmwareNVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2023-23313derived from NVD
vigor2860n-plus firmwareNVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2023-23313derived from NVD
vigor2860n firmwareNVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2023-23313derived from NVD
vigor2860vac firmwareNVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2023-23313derived from NVD
vigor2860vn-plus firmwareNVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2023-23313derived from NVD
vigor2862 firmwareNVD
Affected:< 3.9.9.1Fixed in:3.9.9.1CVE-2023-23313derived from NVD
vigor2862ac firmwareNVD
Affected:< 3.9.9.1Fixed in:3.9.9.1CVE-2023-23313derived from NVD
vigor2862b firmwareNVD
Affected:< 3.9.9.1Fixed in:3.9.9.1CVE-2023-23313derived from NVD
vigor2862bn firmwareNVD
Affected:< 3.9.9.1Fixed in:3.9.9.1CVE-2023-23313derived from NVD
vigor2862l firmwareNVD
Affected:< 3.9.9.1Fixed in:3.9.9.1CVE-2023-23313derived from NVD
vigor2862lac firmwareNVD
Affected:< 3.9.9.1Fixed in:3.9.9.1CVE-2023-23313derived from NVD
vigor2862ln firmwareNVD
Affected:< 3.9.9.1Fixed in:3.9.9.1CVE-2023-23313derived from NVD
vigor2862n firmwareNVD
Affected:< 3.9.9.1Fixed in:3.9.9.1CVE-2023-23313derived from NVD
vigor2862vac firmwareNVD
Affected:< 3.9.9.1Fixed in:3.9.9.1CVE-2023-23313derived from NVD
vigor2865 firmwareNVD
Affected:< 4.4.1.1Fixed in:4.4.1.1CVE-2023-23313derived from NVD
vigor2865ac firmwareNVD
Affected:< 4.4.1.1Fixed in:4.4.1.1CVE-2023-23313derived from NVD
vigor2865ax firmwareNVD
Affected:< 4.4.1.1Fixed in:4.4.1.1CVE-2023-23313derived from NVD
vigor2865l firmwareNVD
Affected:< 4.4.1.1Fixed in:4.4.1.1CVE-2023-23313derived from NVD
vigor2865lac firmwareNVD
Affected:< 4.4.1.1Fixed in:4.4.1.1CVE-2023-23313derived from NVD
vigor2865vac firmwareNVD
Affected:< 4.4.1.1Fixed in:4.4.1.1CVE-2023-23313derived from NVD
vigor2866 firmwareNVD
Affected:< 4.4.1.1Fixed in:4.4.1.1CVE-2023-23313derived from NVD
vigor2866ac firmwareNVD
Affected:< 4.4.1.1Fixed in:4.4.1.1CVE-2023-23313derived from NVD
vigor2866ax firmwareNVD
Affected:< 4.4.1.1Fixed in:4.4.1.1CVE-2023-23313derived from NVD
vigor2866l firmwareNVD
Affected:< 4.4.1.1Fixed in:4.4.1.1CVE-2023-23313derived from NVD
vigor2866lac firmwareNVD
Affected:< 4.4.1.1Fixed in:4.4.1.1CVE-2023-23313derived from NVD
vigor2866vac firmwareNVD
Affected:< 4.4.1.1Fixed in:4.4.1.1CVE-2023-23313derived from NVD
vigor2915 firmwareNVD
Affected:< 4.4.2.1Fixed in:4.4.2.1CVE-2023-23313derived from NVD
vigor2915ac firmwareNVD
Affected:< 4.4.2.1Fixed in:4.4.2.1CVE-2023-23313derived from NVD
vigor2925 firmwareNVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2023-23313derived from NVD
vigor2925ac firmwareNVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2023-23313derived from NVD
vigor2925fn firmwareNVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2023-23313derived from NVD
vigor2925l firmwareNVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2023-23313derived from NVD
vigor2925ln firmwareNVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2023-23313derived from NVD
vigor2925n-plus firmwareNVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2023-23313derived from NVD
vigor2925n firmwareNVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2023-23313derived from NVD
vigor2925vac firmwareNVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2023-23313derived from NVD
vigor2925vn-plus firmwareNVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2023-23313derived from NVD
vigor2926 firmwareNVD
Affected:< 3.9.9.1Fixed in:3.9.9.1CVE-2023-23313derived from NVD
vigor2926ac firmwareNVD
Affected:< 3.9.9.1Fixed in:3.9.9.1CVE-2023-23313derived from NVD
vigor2926l firmwareNVD
Affected:< 3.9.9.1Fixed in:3.9.9.1CVE-2023-23313derived from NVD
vigor2926lac firmwareNVD
Affected:< 3.9.9.1Fixed in:3.9.9.1CVE-2023-23313derived from NVD
vigor2926ln firmwareNVD
Affected:< 3.9.9.1Fixed in:3.9.9.1CVE-2023-23313derived from NVD
vigor2926n firmwareNVD
Affected:< 3.9.9.1Fixed in:3.9.9.1CVE-2023-23313derived from NVD
vigor2926vac firmwareNVD
Affected:< 3.9.9.1Fixed in:3.9.9.1CVE-2023-23313derived from NVD
vigor2927 firmwareNVD
Affected:< 4.4.2.3Fixed in:4.4.2.3CVE-2023-23313derived from NVD
vigor2927ac firmwareNVD
Affected:< 4.4.2.3Fixed in:4.4.2.3CVE-2023-23313derived from NVD
vigor2927ax firmwareNVD
Affected:< 4.4.2.3Fixed in:4.4.2.3CVE-2023-23313derived from NVD
vigor2927f firmwareNVD
Affected:< 4.4.2.3Fixed in:4.4.2.3CVE-2023-23313derived from NVD
vigor2927l firmwareNVD
Affected:< 4.4.2.3Fixed in:4.4.2.3CVE-2023-23313derived from NVD
vigor2927lac firmwareNVD
Affected:< 4.4.2.3Fixed in:4.4.2.3CVE-2023-23313derived from NVD
vigor2927vac firmwareNVD
Affected:< 4.4.2.3Fixed in:4.4.2.3CVE-2023-23313derived from NVD
vigor2952 firmwareNVD
Affected:< 3.9.7.4Fixed in:3.9.7.4CVE-2023-23313derived from NVD
vigor2952p firmwareNVD
Affected:< 3.9.7.4Fixed in:3.9.7.4CVE-2023-23313derived from NVD
vigor2962 firmwareNVD
Affected:< 4.3.2.2Fixed in:4.3.2.2CVE-2023-23313derived from NVD
vigor2962p firmwareNVD
Affected:< 4.3.2.2Fixed in:4.3.2.2CVE-2023-23313derived from NVD
vigor3220 firmwareNVD
Affected:< 3.9.7.4Fixed in:3.9.7.4CVE-2023-23313derived from NVD
vigor3910 firmwareNVD
Affected:< 4.3.2.2Fixed in:4.3.2.2CVE-2023-23313derived from NVD
vigornic 132 firmwareNVD
Affected:< 3.8.5.1Fixed in:3.8.5.1CVE-2023-23313derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeChanged

Impact

ConfidentialityLow
IntegrityLow
AvailabilityNone

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploit Intelligence

0.36%probability of exploitation in 30 days
28thpercentile

Low risk: more likely to be exploited than 28% of all known CVEs.

References

Vendor Advisory1
Third-Party Advisory1

Related Vulnerabilities

Other CWE-79 (Cross-Site Scripting (XSS)) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2020-11022Medium6.999%-Fix
CVE-2019-3929Critical9.899%KEVFix
CVE-2020-9496Medium6.199%--
CVE-2023-28341Medium6.199%-Fix
CVE-2018-12998Medium6.198%--
CVE-2025-4123High7.698%-Fix
Embed a live status badge for CVE-2023-23313
CVE-2023-23313 severity badge

Markdown

[![CVE-2023-23313](https://tridentstack.com/cve/badge/CVE-2023-23313.svg)](https://tridentstack.com/cve/CVE-2023-23313)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-23313"><img src="https://tridentstack.com/cve/badge/CVE-2023-23313.svg" alt="CVE-2023-23313"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-10-07.