CVE-2024-41591

MEDIUM EPSS 16.1%
Published Oct 3, 20241y ago · Modified Jun 17, 20261w ago
6.1 CVSS 3.1
Medium
Find Similar
Published Oct 3, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.

CVSS Details

Base Score
6.1
Exploitability
2.8
Impact
2.7
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Changed
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
16.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 51

VendorProductVersionRange
draytekvigor2620_firmware*any
draytekvigor2620*any
draytekvigor2915_firmware* <4.4.5.3
draytekvigor2915*any
draytekvigor2866_firmware* <4.4.5.2
draytekvigor2866*any
draytekvigor2766_firmware* <4.4.5.3
draytekvigor2766*any
draytekvigor2865_firmware* <4.4.5.2
draytekvigor2865*any
draytekvigor2765_firmware* <4.4.5.3
draytekvigor2765*any
draytekvigor2763_firmware* <4.4.5.3
draytekvigor2763*any
draytekvigor2135_firmware* <4.4.5.3
draytekvigor2135*any
draytekvigor166_firmware* <4.2.7
draytekvigor166*any
draytekvigor1000b_firmware* <4.3.2.8
draytekvigor1000b_firmware*≥4.4.0.0  –  <4.4.3.1
draytekvigor1000b*any
draytekvigor165_firmware* <4.2.7
draytekvigor165*any
draytekvigor3910_firmware* <4.3.2.8
draytekvigor3910_firmware*≥4.4.0.0  –  <4.4.3.1
draytekvigor3910*any
draytekvigor2962_firmware* <4.3.2.8
draytekvigor2962_firmware*≥4.4.0.0  –  <4.4.3.1
draytekvigor2962*any
draytekvigor3912_firmware* <4.3.6.1
draytekvigor3912*any
draytekvigorlte200_firmware*any
draytekvigorlte200*any
draytekvigor2133_firmware*any
draytekvigor2133*any
draytekvigor2762_firmware*any
draytekvigor2762*any
draytekvigor2832_firmware*any
draytekvigor2832*any
draytekvigor2860_firmware*any
draytekvigor2860*any
draytekvigor2862_firmware*any
draytekvigor2862*any
draytekvigor2925_firmware*any
draytekvigor2925*any
draytekvigor2926_firmware*any
draytekvigor2926*any
draytekvigor2952_firmware*any
draytekvigor2952*any
draytekvigor3220_firmware*any
draytekvigor3220*any

References 2

  • forescout.com https://www.forescout.com/resources/draybreak-draytek-research/
    MitigationTechnical DescriptionThird Party Advisory
  • forescout.com https://www.forescout.com/resources/draytek14-vulnerabilities
    Broken Link

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.