Sign-up

ID

VAR-202410-0186


CVE

CVE-2024-41591


TITLE

plural  DrayTek Corporation  Cross-site scripting vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2024-009985

DESCRIPTION

DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. vigor2620 firmware, vigor2915 firmware, vigor2866 firmware etc. DrayTek Corporation A cross-site scripting vulnerability exists in the product.Information may be obtained and information may be tampered with

Trust: 1.62

sources: NVD: CVE-2024-41591 // JVNDB: JVNDB-2024-009985

AFFECTED PRODUCTS

vendor:draytekmodel:vigor2866scope:ltversion:4.4.5.2

Trust: 1.0

vendor:draytekmodel:vigor3910scope:ltversion:4.4.3.1

Trust: 1.0

vendor:draytekmodel:vigor3912scope:ltversion:4.3.6.1

Trust: 1.0

vendor:draytekmodel:vigor3910scope:ltversion:4.3.2.8

Trust: 1.0

vendor:draytekmodel:vigor2832scope:eqversion:*

Trust: 1.0

vendor:draytekmodel:vigor2860scope:eqversion:*

Trust: 1.0

vendor:draytekmodel:vigor2962scope:ltversion:4.4.3.1

Trust: 1.0

vendor:draytekmodel:vigor165scope:ltversion:4.2.7

Trust: 1.0

vendor:draytekmodel:vigor2925scope:eqversion:*

Trust: 1.0

vendor:draytekmodel:vigor2763scope:ltversion:4.4.5.3

Trust: 1.0

vendor:draytekmodel:vigor2962scope:ltversion:4.3.2.8

Trust: 1.0

vendor:draytekmodel:vigor2915scope:ltversion:4.4.5.3

Trust: 1.0

vendor:draytekmodel:vigorlte200scope:eqversion:*

Trust: 1.0

vendor:draytekmodel:vigor2926scope:eqversion:*

Trust: 1.0

vendor:draytekmodel:vigor3220scope:eqversion:*

Trust: 1.0

vendor:draytekmodel:vigor2135scope:ltversion:4.4.5.3

Trust: 1.0

vendor:draytekmodel:vigor2952scope:eqversion:*

Trust: 1.0

vendor:draytekmodel:vigor2762scope:eqversion:*

Trust: 1.0

vendor:draytekmodel:vigor2865scope:ltversion:4.4.5.2

Trust: 1.0

vendor:draytekmodel:vigor2962scope:gteversion:4.4.0.0

Trust: 1.0

vendor:draytekmodel:vigor2765scope:ltversion:4.4.5.3

Trust: 1.0

vendor:draytekmodel:vigor2620scope:eqversion:*

Trust: 1.0

vendor:draytekmodel:vigor2766scope:ltversion:4.4.5.3

Trust: 1.0

vendor:draytekmodel:vigor1000bscope:ltversion:4.4.3.1

Trust: 1.0

vendor:draytekmodel:vigor2862scope:eqversion:*

Trust: 1.0

vendor:draytekmodel:vigor3910scope:gteversion:4.4.0.0

Trust: 1.0

vendor:draytekmodel:vigor166scope:ltversion:4.2.7

Trust: 1.0

vendor:draytekmodel:vigor1000bscope:ltversion:4.3.2.8

Trust: 1.0

vendor:draytekmodel:vigor2133scope:eqversion:*

Trust: 1.0

vendor:draytekmodel:vigor1000bscope:gteversion:4.4.0.0

Trust: 1.0

vendor:draytekmodel:vigor2766scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2866scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2765scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2865scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor165scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2962scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor3910scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2133scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2762scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigorlte200scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor1000bscope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2915scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor3912scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2620scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2763scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2135scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor166scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-009985 // NVD: CVE-2024-41591

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-41591
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-41591
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2024-41591
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2024-41591
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-009985 // NVD: CVE-2024-41591

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-009985 // NVD: CVE-2024-41591

EXTERNAL IDS

db:NVDid:CVE-2024-41591

Trust: 2.6

db:JVNDBid:JVNDB-2024-009985

Trust: 0.8

sources: JVNDB: JVNDB-2024-009985 // NVD: CVE-2024-41591

REFERENCES

url:https://www.forescout.com/resources/draybreak-draytek-research/

Trust: 1.8

url:https://www.forescout.com/resources/draytek14-vulnerabilities

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-41591

Trust: 0.8

sources: JVNDB: JVNDB-2024-009985 // NVD: CVE-2024-41591

SOURCES

db:JVNDBid:JVNDB-2024-009985
db:NVDid:CVE-2024-41591

LAST UPDATE DATE

2024-10-11T23:01:21.952000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-009985date:2024-10-09T01:14:00
db:NVDid:CVE-2024-41591date:2024-10-08T15:34:46.453

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-009985date:2024-10-09T00:00:00
db:NVDid:CVE-2024-41591date:2024-10-03T19:15:04.560