CVE-2024-41587
moderate-risk
Published 2024-10-03
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
Do I need to act?
0.17% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 5.4/10 (Medium): NETWORK attack vector / LOW complexity
Affected Products (20)
Vigor3912 Firmware
Vigor2962 Firmware
Vigor165 Firmware
Vigor1000B Firmware
Vigor166 Firmware
Vigor2135 Firmware
Vigor2763 Firmware
Vigor2765 Firmware
Vigor2865 Firmware
Vigor2766 Firmware
Vigor2866 Firmware
Vigor2915 Firmware
Vigor2620 Firmware
Vigorlte200 Firmware
Vigor2133 Firmware
Vigor2762 Firmware
Vigor2832 Firmware
Vigor2860 Firmware
Vigor2862 Firmware
Affected Vendors
References (2)
43 / 100 · moderate-risk
Severity: 21/34 · High
Exploitability: 1/34 · Minimal
Exposure: 21/34 · High