Draytek Security Advisory (Priority Critical): Cross-Site Scripting vulnerability (CVE-2023-23313)

JasonM · 11 Mar 2023 at 01:21

Heads up, Draytek has released a critical firmware for a cross-site scripting vulnerability, dated 02/03/2023.

Looks like it effects most Draytek routers, I've just updated my 2860n.

Security Advisory: Cross-Site Scripting vulnerability (CVE-2023-23313)

DrayTek - Routers, Switches, Access Points, Central Management, 4G/5G, Firewalls and VPN

www.draytek.co.uk

Caged · 11 Mar 2023 at 13:04

Cheers, just updated the Vigor 130, not that you can ever get to the web UI but better safe than sorry.

Stu999 · 11 Mar 2023 at 15:26

Thanks for the heads up.

kitfit1 · 11 Mar 2023 at 20:51

Caged said:
Cheers, just updated the Vigor 130, not that you can ever get to the web UI but better safe than sorry.

Just done the same for my Vigor 130 as well.
Thanks for the heads up @JasonM.

JasonM · 22 Nov 2024 at 21:03

Another heads up. There is another critical update for the Vigor 2860, released 21/11/24 (yesterday). I've not checked other Draytek routers but probably worth checking.

Vigor 2860

DrayTek - Routers, Switches, Access Points, Central Management, 4G/5G, Firewalls and VPN

www.draytek.co.uk