Stored XSS Vulnerability in DrayTek Vigor310 Devices
CVE-2024-41587

5.4MEDIUM

Key Information:

Vendor

DrayTek
Status
Vigor3910 Firmware
Vendor
CVE Published:
3 October 2024

What is CVE-2024-41587?

Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.

References

https://www.forescout.com/resources/draytek14-vulnerabili...
https://www.forescout.com/resources/draybreak-draytek-res...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

.