Details of VAR-202005-1111

ID

VAR-202005-1111

TITLE

Draytek VigorAP cross-site scripting vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-28034

DESCRIPTION

Draytek VigorAP is an 11ac Wave 2 dual-band wireless mesh access point with a port LAN switch. Draytek VigorAP has a cross-site scripting vulnerability. Attackers can use vulnerabilities to use non-persistent attack vectors to inject their own malicious script code to disrupt client requests from browsers to web applications.

Trust: 0.6

sources: CNVD: CNVD-2020-28034

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-28034

AFFECTED PRODUCTS

vendor:	draytek	model:	vigorap 1000c	scope:	eq	version:	1.3.2	Trust: 0.6
vendor:	draytek	model:	vigorap	scope:	eq	version:	7001.11	Trust: 0.6
vendor:	draytek	model:	vigorap	scope:	eq	version:	7101.2.5	Trust: 0.6
vendor:	draytek	model:	vigorap	scope:	eq	version:	8001.1.4	Trust: 0.6
vendor:	draytek	model:	vigorap	scope:	eq	version:	8021.3.2	Trust: 0.6
vendor:	draytek	model:	vigorap	scope:	eq	version:	8101.2.5	Trust: 0.6
vendor:	draytek	model:	vigorap	scope:	eq	version:	9001.2.0	Trust: 0.6
vendor:	draytek	model:	vigorap	scope:	eq	version:	9031.2.5	Trust: 0.6
vendor:	draytek	model:	vigorap 910c	scope:	eq	version:	1.2.5	Trust: 0.6
vendor:	draytek	model:	vigorap 912c	scope:	eq	version:	1.3.2	Trust: 0.6
vendor:	draytek	model:	vigorap 918r series	scope:	eq	version:	1.3.2	Trust: 0.6
vendor:	draytek	model:	vigorap 920r series	scope:	eq	version:	1.3.0	Trust: 0.6

sources: CNVD: CNVD-2020-28034

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-28034
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2020-28034
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-28034

EXTERNAL IDS

db:	EXPLOITALERT	id:	35473	Trust: 0.6
db:	CNVD	id:	CNVD-2020-28034	Trust: 0.6

sources: CNVD: CNVD-2020-28034

REFERENCES

url:

https://www.exploitalert.com/view-details.html?id=35473

Trust: 0.6

sources: CNVD: CNVD-2020-28034

SOURCES

db:

CNVD

id:

CNVD-2020-28034

LAST UPDATE DATE

2022-05-17T02:01:01.034000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-28034

date:

2020-05-13T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-28034

date:

2020-05-12T00:00:00