Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
References
Link | Resource |
---|---|
https://www.forescout.com/resources/draybreak-draytek-research/ | Mitigation Technical Description Third Party Advisory |
https://www.forescout.com/resources/draytek14-vulnerabilities | Broken Link |
Configurations
Configuration 1
AND |
|
History
04 Oct 2024, 17:28
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CPE | cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:* | |
First Time | Draytek vigor3910 Firmware; Draytek vigor3910 Draytek | |
CVSS | v2 : v3 : | v2 : unknown v3 : 5.4 |
References | https://www.forescout.com/resources/draybreak-draytek-research/ - Mitigation, Technical Description, Third Party Advisory | |
References | https://www.forescout.com/resources/draytek14-vulnerabilities - Broken Link | |
04 Oct 2024, 13:50
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
03 Oct 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-03 19:15
Updated : 2024-10-04 17:28
NVD link : CVE-2024-41587
Mitre link : CVE-2024-41587
CVE.ORG link : CVE-2024-41587
Products Affected
draytek
- vigor3910
- vigor3910_firmware
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')