CVE-2024-41591

nvd nist

Published: Oct 3, 2024Modified: Mar 14, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.

Affected (27)

Products: Draytek: Vigor2620 Firmware, Vigor2915 Firmware, Vigor2866 Firmware, Vigor2766 Firmware, Vigor2865 Firmware, Vigor2765 Firmware, Vigor2763 Firmware, Vigor2135 Firmware, Vigor166 Firmware, Vigor1000b Firmware, Vigor165 Firmware, Vigor3910 Firmware, Vigor2962 Firmware, Vigor3912 Firmware, Vigorlte200 Firmware, Vigor2133 Firmware, Vigor2762 Firmware, Vigor2832 Firmware, Vigor2860 Firmware, Vigor2862 Firmware, Vigor2925 Firmware, Vigor2926 Firmware, Vigor2952 Firmware, Vigor3220 Firmware

24 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2620 Firmware	All versions

Running on/with	Platform Versions
Draytek Vigor2620	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2915 Firmware	Before 4.4.5.3

Running on/with	Platform Versions
Draytek Vigor2915	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2866 Firmware	Before 4.4.5.2

Running on/with	Platform Versions
Draytek Vigor2866	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2766 Firmware	Before 4.4.5.3

Running on/with	Platform Versions
Draytek Vigor2766	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2865 Firmware	Before 4.4.5.2

Running on/with	Platform Versions
Draytek Vigor2865	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2765 Firmware	Before 4.4.5.3

Running on/with	Platform Versions
Draytek Vigor2765	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2763 Firmware	Before 4.4.5.3

Running on/with	Platform Versions
Draytek Vigor2763	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2135 Firmware	Before 4.4.5.3

Running on/with	Platform Versions
Draytek Vigor2135	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor166 Firmware	Before 4.2.7

Running on/with	Platform Versions
Draytek Vigor166	All versions

Configuration J

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor1000b Firmware	Before 4.3.2.8
Draytek Vigor1000b Firmware	From 4.4.0.0 to 4.4.3.1

Running on/with	Platform Versions
Draytek Vigor1000b	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor165 Firmware	Before 4.2.7

Running on/with	Platform Versions
Draytek Vigor165	All versions

Configuration L

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor3910 Firmware	Before 4.3.2.8
Draytek Vigor3910 Firmware	From 4.4.0.0 to 4.4.3.1

Running on/with	Platform Versions
Draytek Vigor3910	All versions

Configuration M

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2962 Firmware	Before 4.3.2.8
Draytek Vigor2962 Firmware	From 4.4.0.0 to 4.4.3.1

Running on/with	Platform Versions
Draytek Vigor2962	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor3912 Firmware	Before 4.3.6.1

Running on/with	Platform Versions
Draytek Vigor3912	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigorlte200 Firmware	All versions

Running on/with	Platform Versions
Draytek Vigorlte200	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2133 Firmware	All versions

Running on/with	Platform Versions
Draytek Vigor2133	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2762 Firmware	All versions

Running on/with	Platform Versions
Draytek Vigor2762	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2832 Firmware	All versions

Running on/with	Platform Versions
Draytek Vigor2832	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2860 Firmware	All versions

Running on/with	Platform Versions
Draytek Vigor2860	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2862 Firmware	All versions

Running on/with	Platform Versions
Draytek Vigor2862	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2925 Firmware	All versions

Running on/with	Platform Versions
Draytek Vigor2925	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2926 Firmware	All versions

Running on/with	Platform Versions
Draytek Vigor2926	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2952 Firmware	All versions

Running on/with	Platform Versions
Draytek Vigor2952	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor3220 Firmware	All versions

Running on/with	Platform Versions
Draytek Vigor3220	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://www.forescout.com/resources/draybreak-draytek-research/

Source: cve@mitre.org

MitigationTechnical DescriptionThird Party Advisory

https://www.forescout.com/resources/draytek14-vulnerabilities

Source: cve@mitre.org

Broken Link

Timeline

No history available yet.