CVE-2024-41591
moderate-risk
Published 2024-10-03
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.
Do I need to act?
0.30% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 6.1/10
Medium
NETWORK / LOW complexity
Affected Products (20)
Vigor2620 Firmware
Vigor2915 Firmware
Vigor2866 Firmware
Vigor2766 Firmware
Vigor2865 Firmware
Vigor2765 Firmware
Vigor2763 Firmware
Vigor2135 Firmware
Vigor166 Firmware
Vigor1000B Firmware
Vigor165 Firmware
Vigor2962 Firmware
Vigor3912 Firmware
Vigorlte200 Firmware
Vigor2133 Firmware
Vigor2762 Firmware
Vigor2832 Firmware
Vigor2860 Firmware
Vigor2862 Firmware
Affected Vendors
References (2)
45 / 100
moderate-risk
Severity
23/34 · High
Exploitability
1/34 · Minimal
Exposure
21/34 · High