CVE-2023-23313

6.1

MEDIUM CVSS 3.1

Draytek Router CSRF and XSS Vulnerabilities

Description

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.

INFO

Published Date :

March 3, 2023, 10:15 p.m.

Last Modified :

Oct. 7, 2025, 7 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]

Affected Products

The following products are affected by CVE-2023-23313 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Draytek	vigor2860_firmware
2	Draytek	vigor2860n_firmware
3	Draytek	vigor2860n-plus_firmware
4	Draytek	vigor2860vn-plus_firmware
5	Draytek	vigor2860ac_firmware
6	Draytek	vigor2860vac_firmware
7	Draytek	vigor2860l_firmware
8	Draytek	vigor2860ln_firmware
9	Draytek	vigor2832_firmware
10	Draytek	vigor2832n_firmware
11	Draytek	vigor2766_firmware
12	Draytek	vigor2766ax_firmware
13	Draytek	vigor2766ac_firmware
14	Draytek	vigor2766vac_firmware
15	Draytek	vigor2765_firmware
16	Draytek	vigor2765ax_firmware
17	Draytek	vigor2765ac_firmware
18	Draytek	vigor2765va_firmware
19	Draytek	vigor2763_firmware
20	Draytek	vigor2763ac_firmware
21	Draytek	vigor2762_firmware
22	Draytek	vigor2762n_firmware
23	Draytek	vigor2762ac_firmware
24	Draytek	vigor2762vac_firmware
25	Draytek	vigor2135_firmware
26	Draytek	vigor2135ax_firmware
27	Draytek	vigor2135ac_firmware
28	Draytek	vigor2135vac_firmware
29	Draytek	vigor2135fvac_firmware
30	Draytek	vigor2133_firmware
31	Draytek	vigor2133n_firmware
32	Draytek	vigor2133ac_firmware
33	Draytek	vigor2133vac_firmware
34	Draytek	vigor2133fvac_firmware
35	Draytek	vigor166_firmware
36	Draytek	vigor165_firmware
37	Draytek	vigor130_firmware
38	Draytek	vigornic_132_firmware
39	Draytek	virgor3910_firmware
40	Draytek	virgor3220_firmware
41	Draytek	virgor2962_firmware
42	Draytek	virgor2962p_firmware
43	Draytek	virgor1000b_firmware
44	Draytek	virgor2952_firmware
45	Draytek	virgor2952p_firmware
46	Draytek	virgor2927_firmware
47	Draytek	virgor2927ax_firmware
48	Draytek	virgor2927ac_firmware
49	Draytek	virgor2927vac_firmware
50	Draytek	virgor2927f_firmware
51	Draytek	virgor2927l_firmware
52	Draytek	virgor2927lac_firmware
53	Draytek	virgor2926_firmware
54	Draytek	virgor2926n_firmware
55	Draytek	virgor2926ac_firmware
56	Draytek	virgor2926vac_firmware
57	Draytek	virgor2926l_firmware
58	Draytek	virgor2926ln_firmware
59	Draytek	virgor2926lac_firmware
60	Draytek	virgor2925_firmware
61	Draytek	virgor2925n_firmware
62	Draytek	virgor2925n-plus_firmware
63	Draytek	virgor2925vn-plus_firmware
64	Draytek	virgor2925ac_firmware
65	Draytek	virgor2925vac_firmware
66	Draytek	virgor2925fn_firmware
67	Draytek	virgor2925l_firmware
68	Draytek	virgor2925ln_firmware
69	Draytek	virgor2915_firmware
70	Draytek	virgor2915ac_firmware
71	Draytek	virgor2866_firmware
72	Draytek	virgor2866ax_firmware
73	Draytek	virgor2866ac_firmware
74	Draytek	virgor2866vac_firmware
75	Draytek	virgor2866l_firmware
76	Draytek	virgor2866lac_firmware
77	Draytek	virgor2865_firmware
78	Draytek	virgor2865ax_firmware
79	Draytek	virgor2865ac_firmware
80	Draytek	virgor2865vac_firmware
81	Draytek	virgor2865l_firmware
82	Draytek	virgor2865lac_firmware
83	Draytek	virgor2862_firmware
84	Draytek	virgor2862n_firmware
85	Draytek	virgor2862ac_firmware
86	Draytek	virgor2862vac_firmware
87	Draytek	virgor2862b_firmware
88	Draytek	virgor2862bn_firmware
89	Draytek	virgor2862l_firmware
90	Draytek	virgor2862ln_firmware
91	Draytek	virgor2862lac_firmware
92	Draytek	vigor2925_firmware
93	Draytek	vigor3910_firmware
94	Draytek	vigor1000b_firmware
95	Draytek	vigor2962_firmware
96	Draytek	vigor2962p_firmware
97	Draytek	vigor2927_firmware
98	Draytek	vigor2927ax_firmware
99	Draytek	vigor2927ac_firmware
100	Draytek	vigor2927vac_firmware
101	Draytek	vigor2927l_firmware
102	Draytek	vigor2927lac_firmware
103	Draytek	vigor2915_firmware
104	Draytek	vigor2915ac_firmware
105	Draytek	vigor2952_firmware
106	Draytek	vigor2952p_firmware
107	Draytek	vigor3220_firmware
108	Draytek	vigor2926_firmware
109	Draytek	vigor2926n_firmware
110	Draytek	vigor2926ac_firmware
111	Draytek	vigor2926vac_firmware
112	Draytek	vigor2926l_firmware
113	Draytek	vigor2926ln_firmware
114	Draytek	vigor2926lac_firmware
115	Draytek	vigor2862_firmware
116	Draytek	vigor2862n_firmware
117	Draytek	vigor2862ac_firmware
118	Draytek	vigor2862vac_firmware
119	Draytek	vigor2862b_firmware
120	Draytek	vigor2862bn_firmware
121	Draytek	vigor2862l_firmware
122	Draytek	vigor2862ln_firmware
123	Draytek	vigor2862lac_firmware
124	Draytek	vigor2865_firmware
125	Draytek	vigor2865ax_firmware
126	Draytek	vigor2865ac_firmware
127	Draytek	vigor2865vac_firmware
128	Draytek	vigor2865l_firmware
129	Draytek	vigor2865lac_firmware
130	Draytek	vigor2866_firmware
131	Draytek	vigor2866ax_firmware
132	Draytek	vigor2866ac_firmware
133	Draytek	vigor2866vac_firmware
134	Draytek	vigor2866l_firmware
135	Draytek	vigor2866lac_firmware
136	Draytek	vigor2927f_firmware
137	Draytek	vigor3910
138	Draytek	vigor3220
139	Draytek	vigor2952
140	Draytek	vigor2926
141	Draytek	vigor2925
142	Draytek	vigor2862
143	Draytek	vigor2860
144	Draytek	vigor2832
145	Draytek	vigor2762
146	Draytek	vigor2133
147	Draytek	vigor2962
148	Draytek	vigor165
149	Draytek	vigor1000b
150	Draytek	vigor166
151	Draytek	vigor2135
152	Draytek	vigor2763
153	Draytek	vigor2765
154	Draytek	vigor2865
155	Draytek	vigor2766
156	Draytek	vigor2866
157	Draytek	vigor2915
158	Draytek	vigor2925ac
159	Draytek	vigor2925fn
160	Draytek	vigor2925n-plus
161	Draytek	vigor2925vac
162	Draytek	vigor2925vn-plus
163	Draytek	vigor2962p
164	Draytek	vigor2927
165	Draytek	vigor2927ax
166	Draytek	vigor2927ac
167	Draytek	vigor2927vac
168	Draytek	vigor2927l
169	Draytek	vigor2927lac
170	Draytek	vigor2915ac
171	Draytek	vigor2952p
172	Draytek	vigor2926n
173	Draytek	vigor2926ac
174	Draytek	vigor2926vac
175	Draytek	vigor2926l
176	Draytek	vigor2926ln
177	Draytek	vigor2926lac
178	Draytek	vigor2862n
179	Draytek	vigor2862ac
180	Draytek	vigor2862vac
181	Draytek	vigor2862b
182	Draytek	vigor2862bn
183	Draytek	vigor2862l
184	Draytek	vigor2862ln
185	Draytek	vigor2862lac
186	Draytek	vigor2133n
187	Draytek	vigor2133ac
188	Draytek	vigor2133vac
189	Draytek	vigor2133fvac
190	Draytek	vigor2762n
191	Draytek	vigor2762ac
192	Draytek	vigor2762vac
193	Draytek	vigor2135ac
194	Draytek	vigor2135vac
195	Draytek	vigor2135fvac
196	Draytek	vigor2765ac
197	Draytek	vigor2766ac
198	Draytek	vigor2766vac
199	Draytek	vigor2865ax
200	Draytek	vigor2865ac
201	Draytek	vigor2865vac
202	Draytek	vigor2865l
203	Draytek	vigor2865lac
204	Draytek	vigor2866ax
205	Draytek	vigor2866ac
206	Draytek	vigor2866vac
207	Draytek	vigor2866l
208	Draytek	vigor2866lac
209	Draytek	vigor2860n
210	Draytek	vigor2860n-plus
211	Draytek	vigor2860vn-plus
212	Draytek	vigor2860ac
213	Draytek	vigor2860vac
214	Draytek	vigor2860l
215	Draytek	vigor2860ln
216	Draytek	vigor2832n
217	Draytek	vigor2766ax
218	Draytek	vigor2765ax
219	Draytek	vigor2765va
220	Draytek	vigor2763ac
221	Draytek	vigor2135ax
222	Draytek	vigor130
223	Draytek	vigornic_132
224	Draytek	virgor3910
225	Draytek	virgor3220
226	Draytek	virgor2962
227	Draytek	virgor2962p
228	Draytek	virgor1000b
229	Draytek	virgor2952
230	Draytek	virgor2952p
231	Draytek	virgor2927
232	Draytek	virgor2927ax
233	Draytek	virgor2927ac
234	Draytek	virgor2927vac
235	Draytek	virgor2927f
236	Draytek	virgor2927l
237	Draytek	virgor2927lac
238	Draytek	virgor2926
239	Draytek	virgor2926n
240	Draytek	virgor2926ac
241	Draytek	virgor2926vac
242	Draytek	virgor2926l
243	Draytek	virgor2926ln
244	Draytek	virgor2926lac
245	Draytek	virgor2925
246	Draytek	virgor2925n
247	Draytek	virgor2925n-plus
248	Draytek	virgor2925vn-plus
249	Draytek	virgor2925ac
250	Draytek	virgor2925vac
251	Draytek	virgor2925fn
252	Draytek	virgor2925l
253	Draytek	virgor2925ln
254	Draytek	virgor2915
255	Draytek	virgor2915ac
256	Draytek	virgor2866
257	Draytek	virgor2866ax
258	Draytek	virgor2866ac
259	Draytek	virgor2866vac
260	Draytek	virgor2866l
261	Draytek	virgor2866lac
262	Draytek	virgor2865
263	Draytek	virgor2865ax
264	Draytek	virgor2865ac
265	Draytek	virgor2865vac
266	Draytek	virgor2865l
267	Draytek	virgor2865lac
268	Draytek	virgor2862
269	Draytek	virgor2862n
270	Draytek	virgor2862ac
271	Draytek	virgor2862vac
272	Draytek	virgor2862b
273	Draytek	virgor2862bn
274	Draytek	virgor2862l
275	Draytek	virgor2862ln
276	Draytek	virgor2862lac
277	Draytek	vigor2927f
278	Draytek	vigor2925n_firmware
279	Draytek	vigor2925n
280	Draytek	vigor2925n-plus_firmware
281	Draytek	vigor2925vn-plus_firmware
282	Draytek	vigor2925ac_firmware
283	Draytek	vigor2925vac_firmware
284	Draytek	vigor2925fn_firmware
285	Draytek	vigor2925l_firmware
286	Draytek	vigor2925l
287	Draytek	vigor2925ln_firmware
288	Draytek	vigor2925ln

: Total Affected Vendor : 1 | Products : 288

CVSS Scores

The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.

Score	Version	Severity	Vector	Exploitability Score	Impact Score	Source
	CVSS 3.1	MEDIUM				[email protected]
	CVSS 3.1	MEDIUM				134c704f-9b21-4f2e-91b3-4a467353bcc0

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-23313.

URL	Resource
https://www.draytek.com/about/security-advisory/cross-site-scripting-vulnerability-%28cve-2023-23313%29/	Vendor Advisory
https://www.horizonconsulting.com/advisories23-Multiple-XSS-Stored-in-DrayTek-routers-CVE-2023-23313	Third Party Advisory
https://www.draytek.com/about/security-advisory/cross-site-scripting-vulnerability-%28cve-2023-23313%29/	Vendor Advisory
https://www.horizonconsulting.com/advisories23-Multiple-XSS-Stored-in-DrayTek-routers-CVE-2023-23313	Third Party Advisory

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-23313 is associated with the following CWEs:

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-23313 weaknesses.

CAPEC-63: Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) CAPEC-85: AJAX Footprinting AJAX Footprinting CAPEC-209: XSS Using MIME Type Mismatch XSS Using MIME Type Mismatch CAPEC-588: DOM-Based XSS DOM-Based XSS CAPEC-591: Reflected XSS Reflected XSS CAPEC-592: Stored XSS Stored XSS

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-23313 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2023-23313 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

Modified Analysis by [email protected]

Oct. 07, 2025

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Mar. 07, 2025

Action	Type	Old Value	New Value
Added	CVSS V3.1		AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Added	CWE		CWE-79

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

Nov. 21, 2024

Action	Type	Old Value	New Value
Added	Reference		https://www.draytek.com/about/security-advisory/cross-site-scripting-vulnerability-%28cve-2023-23313%29/
Added	Reference		https://www.horizonconsulting.com/advisories23-Multiple-XSS-Stored-in-DrayTek-routers-CVE-2023-23313

CVE Modified by [email protected]

May. 14, 2024

Action	Type	Old Value	New Value

CVE Modified by [email protected]

Nov. 07, 2023

Action	Type	Old Value	New Value
Added	Reference		MITRE https://www.draytek.com/about/security-advisory/cross-site-scripting-vulnerability-%28cve-2023-23313%29/ [No types assigned]
Removed	Reference	MITRE https://www.draytek.com/about/security-advisory/cross-site-scripting-vulnerability-(cve-2023-23313)/

CVE Modified by [email protected]

May. 19, 2023

Action	Type	Old Value	New Value
Removed	Reference	https://www.horizonsecurity.it/lang_EN/advisories/?a=22&title=Multiple+XSS+Stored+in+DrayTek+routers+web+interface++CVE202323313 [Third Party Advisory]
Added	Reference		https://www.horizonconsulting.com/advisories23-Multiple-XSS-Stored-in-DrayTek-routers-CVE-2023-23313 [No Types Assigned]

Initial Analysis by [email protected]

Mar. 10, 2023

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Changed	Reference Type	https://www.draytek.com/about/security-advisory/cross-site-scripting-vulnerability-(cve-2023-23313)/ No Types Assigned	https://www.draytek.com/about/security-advisory/cross-site-scripting-vulnerability-(cve-2023-23313)/ Vendor Advisory
Changed	Reference Type	https://www.horizonsecurity.it/lang_EN/advisories/?a=22&title=Multiple+XSS+Stored+in+DrayTek+routers+web+interface++CVE202323313 No Types Assigned	https://www.horizonsecurity.it/lang_EN/advisories/?a=22&title=Multiple+XSS+Stored+in+DrayTek+routers+web+interface++CVE202323313 Third Party Advisory
Added	CWE		NIST CWE-79
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2860_firmware::::::::* versions up to (excluding) 3.9.4 OR cpe:2.3:h:draytek:vigor2860:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2860n_firmware::::::::* versions up to (excluding) 3.9.4 OR cpe:2.3:h:draytek:vigor2860n:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2860n-plus_firmware::::::::* versions up to (excluding) 3.9.4 OR cpe:2.3:h:draytek:vigor2860n-plus:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2860vn-plus_firmware::::::::* versions up to (excluding) 3.9.4 OR cpe:2.3:h:draytek:vigor2860vn-plus:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2860ac_firmware::::::::* versions up to (excluding) 3.9.4 OR cpe:2.3:h:draytek:vigor2860ac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2860vac_firmware::::::::* versions up to (excluding) 3.9.4 OR cpe:2.3:h:draytek:vigor2860vac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2860l_firmware::::::::* versions up to (excluding) 3.9.4 OR cpe:2.3:h:draytek:vigor2860l:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2860ln_firmware::::::::* versions up to (excluding) 3.9.4 OR cpe:2.3:h:draytek:vigor2860ln:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2832_firmware::::::::* versions up to (excluding) 3.9.6.3 OR cpe:2.3:h:draytek:vigor2832:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2832n_firmware::::::::* versions up to (excluding) 3.9.6.3 OR cpe:2.3:h:draytek:vigor2832n:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2766_firmware::::::::* versions up to (excluding) 4.4.2.1 OR cpe:2.3:h:draytek:vigor2766:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2766ax_firmware::::::::* versions up to (excluding) 4.4.2.1 OR cpe:2.3:h:draytek:vigor2766ax:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2766ac_firmware::::::::* versions up to (excluding) 4.4.2.1 OR cpe:2.3:h:draytek:vigor2766ac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2766vac_firmware::::::::* versions up to (excluding) 4.4.2.1 OR cpe:2.3:h:draytek:vigor2766vac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2765_firmware::::::::* versions up to (excluding) 4.4.2.1 OR cpe:2.3:h:draytek:vigor2765:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2765ax_firmware::::::::* versions up to (excluding) 4.4.2.1 OR cpe:2.3:h:draytek:vigor2765ax:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2765ac_firmware::::::::* versions up to (excluding) 4.4.2.1 OR cpe:2.3:h:draytek:vigor2765ac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2765va_firmware::::::::* versions up to (excluding) 4.4.2.1 OR cpe:2.3:h:draytek:vigor2765va:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2763_firmware::::::::* versions up to (excluding) 4.4.2.2 OR cpe:2.3:h:draytek:vigor2763:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2763ac_firmware::::::::* versions up to (excluding) 4.4.2.2 OR cpe:2.3:h:draytek:vigor2763ac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2762_firmware::::::::* versions up to (excluding) 3.9.6.5 OR cpe:2.3:h:draytek:vigor2762:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2762n_firmware::::::::* versions up to (excluding) 3.9.6.5 OR cpe:2.3:h:draytek:vigor2762n:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2762ac_firmware::::::::* versions up to (excluding) 3.9.6.5 OR cpe:2.3:h:draytek:vigor2762ac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2762vac_firmware::::::::* versions up to (excluding) 3.9.6.5 OR cpe:2.3:h:draytek:vigor2762vac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2135_firmware::::::::* versions up to (excluding) 4.4.2.1 OR cpe:2.3:h:draytek:vigor2135:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2135ax_firmware::::::::* versions up to (excluding) 4.4.2.1 OR cpe:2.3:h:draytek:vigor2135ax:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2135ac_firmware::::::::* versions up to (excluding) 4.4.2.1 OR cpe:2.3:h:draytek:vigor2135ac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2135vac_firmware::::::::* versions up to (excluding) 4.4.2.1 OR cpe:2.3:h:draytek:vigor2135vac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2135fvac_firmware::::::::* versions up to (excluding) 4.4.2.1 OR cpe:2.3:h:draytek:vigor2135fvac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2133_firmware::::::::* versions up to (excluding) 3.9.6.5 OR cpe:2.3:h:draytek:vigor2133:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2133n_firmware::::::::* versions up to (excluding) 3.9.6.5 OR cpe:2.3:h:draytek:vigor2133n:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2133ac_firmware::::::::* versions up to (excluding) 3.9.6.5 OR cpe:2.3:h:draytek:vigor2133ac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2133vac_firmware::::::::* versions up to (excluding) 3.9.6.5 OR cpe:2.3:h:draytek:vigor2133vac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor2133fvac_firmware::::::::* versions up to (excluding) 3.9.6.5 OR cpe:2.3:h:draytek:vigor2133fvac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor166_firmware::::::::* versions up to (excluding) 4.2.4.1 OR cpe:2.3:h:draytek:vigor166:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor165_firmware::::::::* versions up to (excluding) 4.2.4.1 OR cpe:2.3:h:draytek:vigor165:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigor130_firmware::::::::* versions up to (excluding) 3.8.5.1 OR cpe:2.3:h:draytek:vigor130:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:vigornic_132_firmware::::::::* versions up to (excluding) 3.8.5.1 OR cpe:2.3:h:draytek:vigornic_132:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor3910_firmware::::::::* versions up to (excluding) 4.3.2.2 OR cpe:2.3:h:draytek:virgor3910:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor3220_firmware::::::::* versions up to (excluding) 3.9.7.4 OR cpe:2.3:h:draytek:virgor3220:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2962_firmware::::::::* versions up to (excluding) 4.3.2.2 OR cpe:2.3:h:draytek:virgor2962:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2962p_firmware::::::::* versions up to (excluding) 4.3.2.2 OR cpe:2.3:h:draytek:virgor2962p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor1000b_firmware::::::::* versions up to (excluding) 4.3.2.2 OR cpe:2.3:h:draytek:virgor1000b:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2952_firmware::::::::* versions up to (excluding) 3.9.7.4 OR cpe:2.3:h:draytek:virgor2952:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2952p_firmware::::::::* versions up to (excluding) 3.9.7.4 OR cpe:2.3:h:draytek:virgor2952p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2927_firmware::::::::* versions up to (excluding) 4.4.2.3 OR cpe:2.3:h:draytek:virgor2927:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2927ax_firmware::::::::* versions up to (excluding) 4.4.2.3 OR cpe:2.3:h:draytek:virgor2927ax:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2927ac_firmware::::::::* versions up to (excluding) 4.4.2.3 OR cpe:2.3:h:draytek:virgor2927ac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2927vac_firmware::::::::* versions up to (excluding) 4.4.2.3 OR cpe:2.3:h:draytek:virgor2927vac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2927f_firmware::::::::* versions up to (excluding) 4.4.2.3 OR cpe:2.3:h:draytek:virgor2927f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2927l_firmware::::::::* versions up to (excluding) 4.4.2.3 OR cpe:2.3:h:draytek:virgor2927l:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2927lac_firmware::::::::* versions up to (excluding) 4.4.2.3 OR cpe:2.3:h:draytek:virgor2927lac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2926_firmware::::::::* versions up to (excluding) 3.9.9.1 OR cpe:2.3:h:draytek:virgor2926:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2926n_firmware::::::::* versions up to (excluding) 3.9.9.1 OR cpe:2.3:h:draytek:virgor2926n:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2926ac_firmware::::::::* versions up to (excluding) 3.9.9.1 OR cpe:2.3:h:draytek:virgor2926ac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2926vac_firmware::::::::* versions up to (excluding) 3.9.9.1 OR cpe:2.3:h:draytek:virgor2926vac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2926l_firmware::::::::* versions up to (excluding) 3.9.9.1 OR cpe:2.3:h:draytek:virgor2926l:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2926ln_firmware::::::::* versions up to (excluding) 3.9.9.1 OR cpe:2.3:h:draytek:virgor2926ln:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2926lac_firmware::::::::* versions up to (excluding) 3.9.9.1 OR cpe:2.3:h:draytek:virgor2926lac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2925_firmware::::::::* versions up to (excluding) 3.9.4 OR cpe:2.3:h:draytek:virgor2925:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2925n_firmware::::::::* versions up to (excluding) 3.9.4 OR cpe:2.3:h:draytek:virgor2925n:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2925n-plus_firmware::::::::* versions up to (excluding) 3.9.4 OR cpe:2.3:h:draytek:virgor2925n-plus:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2925vn-plus_firmware::::::::* versions up to (excluding) 3.9.4 OR cpe:2.3:h:draytek:virgor2925vn-plus:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2925ac_firmware::::::::* versions up to (excluding) 3.9.4 OR cpe:2.3:h:draytek:virgor2925ac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2925vac_firmware::::::::* versions up to (excluding) 3.9.4 OR cpe:2.3:h:draytek:virgor2925vac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2925fn_firmware::::::::* versions up to (excluding) 3.9.4 OR cpe:2.3:h:draytek:virgor2925fn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2925l_firmware::::::::* versions up to (excluding) 3.9.4 OR cpe:2.3:h:draytek:virgor2925l:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2925ln_firmware::::::::* versions up to (excluding) 3.9.4 OR cpe:2.3:h:draytek:virgor2925ln:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2915_firmware::::::::* versions up to (excluding) 4.4.2.1 OR cpe:2.3:h:draytek:virgor2915:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2915ac_firmware::::::::* versions up to (excluding) 4.4.2.1 OR cpe:2.3:h:draytek:virgor2915ac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2866_firmware::::::::* versions up to (excluding) 4.4.1.1 OR cpe:2.3:h:draytek:virgor2866:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2866ax_firmware::::::::* versions up to (excluding) 4.4.1.1 OR cpe:2.3:h:draytek:virgor2866ax:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2866ac_firmware::::::::* versions up to (excluding) 4.4.1.1 OR cpe:2.3:h:draytek:virgor2866ac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2866vac_firmware::::::::* versions up to (excluding) 4.4.1.1 OR cpe:2.3:h:draytek:virgor2866vac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2866l_firmware::::::::* versions up to (excluding) 4.4.1.1 OR cpe:2.3:h:draytek:virgor2866l:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2866lac_firmware::::::::* versions up to (excluding) 4.4.1.1 OR cpe:2.3:h:draytek:virgor2866lac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2865_firmware::::::::* versions up to (excluding) 4.4.1.1 OR cpe:2.3:h:draytek:virgor2865:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2865ax_firmware::::::::* versions up to (excluding) 4.4.1.1 OR cpe:2.3:h:draytek:virgor2865ax:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2865ac_firmware::::::::* versions up to (excluding) 4.4.1.1 OR cpe:2.3:h:draytek:virgor2865ac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2865vac_firmware::::::::* versions up to (excluding) 4.4.1.1 OR cpe:2.3:h:draytek:virgor2865vac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2865l_firmware::::::::* versions up to (excluding) 4.4.1.1 OR cpe:2.3:h:draytek:virgor2865l:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2865lac_firmware::::::::* versions up to (excluding) 4.4.1.1 OR cpe:2.3:h:draytek:virgor2865lac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2862_firmware::::::::* versions up to (excluding) 3.9.9.1 OR cpe:2.3:h:draytek:virgor2862:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2862n_firmware::::::::* versions up to (excluding) 3.9.9.1 OR cpe:2.3:h:draytek:virgor2862n:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2862ac_firmware::::::::* versions up to (excluding) 3.9.9.1 OR cpe:2.3:h:draytek:virgor2862ac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2862vac_firmware::::::::* versions up to (excluding) 3.9.9.1 OR cpe:2.3:h:draytek:virgor2862vac:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2862b_firmware::::::::* versions up to (excluding) 3.9.9.1 OR cpe:2.3:h:draytek:virgor2862b:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2862bn_firmware::::::::* versions up to (excluding) 3.9.9.1 OR cpe:2.3:h:draytek:virgor2862bn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2862l_firmware::::::::* versions up to (excluding) 3.9.9.1 OR cpe:2.3:h:draytek:virgor2862l:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2862ln_firmware::::::::* versions up to (excluding) 3.9.9.1 OR cpe:2.3:h:draytek:virgor2862ln:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:draytek:virgor2862lac_firmware::::::::* versions up to (excluding) 3.9.9.1 OR cpe:2.3:h:draytek:virgor2862lac:-:::::::*

CVE Modified by [email protected]

Mar. 06, 2023

Action	Type	Old Value	New Value
Removed	Reference	http://vigor3910vigor1000bvigor2962.com [No Types Assigned]
Added	Reference		https://www.horizonsecurity.it/lang_EN/advisories/?a=22&title=Multiple+XSS+Stored+in+DrayTek+routers+web+interface++CVE202323313 [No Types Assigned]

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

Browse by Apps

CVE-2023-23313

Draytek Router CSRF and XSS Vulnerabilities

Description

INFO

March 3, 2023, 10:15 p.m.

Oct. 7, 2025, 7 p.m.

Yes !

[email protected]

Affected Products

CVSS Scores

References to Advisories, Solutions, and Tools

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Modified Analysis by [email protected]

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Initial Analysis by [email protected]

CVE Modified by [email protected]

Vulnerability Scoring Details

Base CVSS Score: 6.1

Exploit Prediction

0.74 }} 0.59%

0.72060

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable