Remote Code Execution Vulnerability in DrayTek Vigor 2700 Router
CVE-2013-5703

Currently unrated

Key Information:

Vendor: Draytek
Status: Vigor 2700 Router Firmware; Vigor 2700 Router
Vendor: CVE Published:; 22 October 2013

What is CVE-2013-5703?

The DrayTek Vigor 2700 router version 2.8.3 is susceptible to a vulnerability that allows remote attackers to execute arbitrary JavaScript code. This can be achieved by injecting a malicious SSID value into the router's configuration, which is improperly handled during the insertion process into the sWlessSurvey variable. Successful exploitation can lead to unauthorized changes in the router settings and manipulation of the DNS cache, exposing users to potential security risks and threats.

References

http://www.kb.cert.org/vuls/id/101462

third-party-advisoryx_refsource_CERT-VN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 22, 2013

Draytek

What is CVE-2013-5703?

References

Timeline