CVE-2024-41587
Severity Score
5.4
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-07-18 CVE Reserved
- 2024-10-03 CVE Published
- 2024-10-03 CVE Updated
- 2024-10-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.forescout.com/resources/draybreak-draytek-research | ||
| https://www.forescout.com/resources/draytek14-vulnerabilities |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Draytek Search vendor "Draytek" | Vigor1000b Firmware Search vendor "Draytek" for product "Vigor1000b Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor165 Firmware Search vendor "Draytek" for product "Vigor165 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor166 Firmware Search vendor "Draytek" for product "Vigor166 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor2133 Firmware Search vendor "Draytek" for product "Vigor2133 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor2135 Firmware Search vendor "Draytek" for product "Vigor2135 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor2620 Firmware Search vendor "Draytek" for product "Vigor2620 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor2762 Firmware Search vendor "Draytek" for product "Vigor2762 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor2763 Firmware Search vendor "Draytek" for product "Vigor2763 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor2765 Firmware Search vendor "Draytek" for product "Vigor2765 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor2766 Firmware Search vendor "Draytek" for product "Vigor2766 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor2832 Firmware Search vendor "Draytek" for product "Vigor2832 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor2860 Firmware Search vendor "Draytek" for product "Vigor2860 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor2862 Firmware Search vendor "Draytek" for product "Vigor2862 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor2865 Firmware Search vendor "Draytek" for product "Vigor2865 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor2866 Firmware Search vendor "Draytek" for product "Vigor2866 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor2915 Firmware Search vendor "Draytek" for product "Vigor2915 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor2925 Firmware Search vendor "Draytek" for product "Vigor2925 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor2926 Firmware Search vendor "Draytek" for product "Vigor2926 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor2952 Firmware Search vendor "Draytek" for product "Vigor2952 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor2962 Firmware Search vendor "Draytek" for product "Vigor2962 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor3220 Firmware Search vendor "Draytek" for product "Vigor3220 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor3910 Firmware Search vendor "Draytek" for product "Vigor3910 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigor3912 Firmware Search vendor "Draytek" for product "Vigor3912 Firmware" | * | - |
Affected
| ||||||
| Draytek Search vendor "Draytek" | Vigorlte200 Firmware Search vendor "Draytek" for product "Vigorlte200 Firmware" | * | - |
Affected
| ||||||