First published: Fri Oct 22 2021
Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Draytek Vigorap 1000c Firmware | =1.3.2 | |
Draytek VigorAP 1000C | | |
Draytek Vigorap 700 Firmware | =1.11 | |
Draytek Vigorap 700 | | |
Draytek Vigorap 710 Firmware | =1.2.5 | |
Draytek Vigorap 710 | | |
Draytek Vigorap 800 Firmware | =1.1.4 | |
Draytek Vigorap 800 | | |
Draytek Vigorap 802 Firmware | =1.3.2 | |
Draytek Vigorap 802 | | |
Draytek Vigorap 810 Firmware | =1.2.5 | |
Draytek Vigorap 810 | | |
Draytek Vigorap 900 Firmware | =1.2.0 | |
Draytek Vigorap 900 | | |
Draytek Vigorap 902 Firmware | =1.2.5 | |
Draytek Vigorap 902 | | |
Draytek Vigorap 903 Firmware | =1.3.1 | |
Draytek Vigorap 903 | | |
Draytek Vigorap 910c Firmware | =1.2.5 | |
Draytek Vigorap 910c | | |
Draytek Vigorap 912c Firmware | =1.3.2 | |
Draytek Vigorap 912c | | |
Draytek Vigorap 918r Firmware | =1.3.2 | |
Draytek Vigorap 918r | | |
Draytek Vigorap 920r Firmware | =1.3.0 | |
Draytek Vigorap 920r | | |
CVE-2020-28968 is a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module of Draytek VigorAP 1000C.
CVE-2020-28968 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.
CVE-2020-28968 has a severity rating of medium with a CVSS score of 5.4.
Draytek VigorAP 1000C firmware version 1.3.2 is affected by CVE-2020-28968.
There is currently no official patch for CVE-2020-28968. It is recommended to contact the vendor for further guidance and to follow good security practices, such as input validation and sanitization.