Vulnerabilites related to draytek - vigor2620_firmware
cve-2023-31447
Vulnerability from cvelistv5
Published
2023-08-21 00:00
Modified
2024-10-07 17:19
Severity ?
Summary
user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code.
References
https://draytek.com
https://gist.github.com/rrrrrrri/013c9eef64b265af4163478bfcf29ff4
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:53:30.960Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://draytek.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gist.github.com/rrrrrrri/013c9eef64b265af4163478bfcf29ff4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vigor2620",
            "vendor": "draytek",
            "versions": [
              {
                "lessThan": "3.9.8.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-31447",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-07T17:17:45.683833Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-07T17:19:37.998Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-21T12:23:59.756827",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://draytek.com"
        },
        {
          "url": "https://gist.github.com/rrrrrrri/013c9eef64b265af4163478bfcf29ff4"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-31447",
    "datePublished": "2023-08-21T00:00:00",
    "dateReserved": "2023-04-28T00:00:00",
    "dateUpdated": "2024-10-07T17:19:37.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-41593
Vulnerability from cvelistv5
Published
2024-10-03 00:00
Modified
2024-10-03 19:13
Severity ?
Summary
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow.
References
https://www.forescout.com/resources/draytek14-vulnerabilities
https://www.forescout.com/resources/draybreak-draytek-research/
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41593",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:12:46.197818Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T19:13:02.836Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-03T18:29:21.947598",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
        },
        {
          "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-41593",
    "datePublished": "2024-10-03T00:00:00",
    "dateReserved": "2024-07-18T00:00:00",
    "dateUpdated": "2024-10-03T19:13:02.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-41591
Vulnerability from cvelistv5
Published
2024-10-03 00:00
Modified
2024-10-03 19:14
Severity ?
Summary
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.
References
https://www.forescout.com/resources/draytek14-vulnerabilities
https://www.forescout.com/resources/draybreak-draytek-research/
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41591",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:14:46.529762Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T19:14:57.400Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-03T18:26:22.678110",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
        },
        {
          "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-41591",
    "datePublished": "2024-10-03T00:00:00",
    "dateReserved": "2024-07-18T00:00:00",
    "dateUpdated": "2024-10-03T19:14:57.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-41587
Vulnerability from cvelistv5
Published
2024-10-03 00:00
Modified
2024-10-03 20:25
Severity ?
Summary
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
References
https://www.forescout.com/resources/draytek14-vulnerabilities
https://www.forescout.com/resources/draybreak-draytek-research/
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41587",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T20:24:15.931214Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:25:36.415Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-03T18:25:02.832324",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
        },
        {
          "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-41587",
    "datePublished": "2024-10-03T00:00:00",
    "dateReserved": "2024-07-18T00:00:00",
    "dateUpdated": "2024-10-03T20:25:36.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-41594
Vulnerability from cvelistv5
Published
2024-10-03 00:00
Modified
2024-10-03 19:09
Severity ?
Summary
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.
References
https://www.forescout.com/resources/draytek14-vulnerabilities
https://www.forescout.com/resources/draybreak-draytek-research/
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41594",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:09:26.192252Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T19:09:40.490Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-03T18:29:39.340103",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
        },
        {
          "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-41594",
    "datePublished": "2024-10-03T00:00:00",
    "dateReserved": "2024-07-18T00:00:00",
    "dateUpdated": "2024-10-03T19:09:40.490Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2024-10-03 19:15
Modified
2024-10-08 15:34
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.
References
cve@mitre.orghttps://www.forescout.com/resources/draybreak-draytek-research/Mitigation, Technical Description, Third Party Advisory
cve@mitre.orghttps://www.forescout.com/resources/draytek14-vulnerabilitiesBroken Link
Impacted products
Vendor Product Version
draytek vigor2620_firmware *
draytek vigor2620 -
draytek vigor2915_firmware *
draytek vigor2915 -
draytek vigor2866_firmware *
draytek vigor2866 -
draytek vigor2766_firmware *
draytek vigor2766 -
draytek vigor2865_firmware *
draytek vigor2865 -
draytek vigor2765_firmware *
draytek vigor2765 -
draytek vigor2763_firmware *
draytek vigor2763 -
draytek vigor2135_firmware *
draytek vigor2135 -
draytek vigor166_firmware *
draytek vigor166 -
draytek vigor1000b_firmware *
draytek vigor1000b_firmware *
draytek vigor1000b -
draytek vigor165_firmware *
draytek vigor165 -
draytek vigor3910_firmware *
draytek vigor3910_firmware *
draytek vigor3910 -
draytek vigor2962_firmware *
draytek vigor2962_firmware *
draytek vigor2962 -
draytek vigor3912_firmware *
draytek vigor3912 -
draytek vigorlte200_firmware *
draytek vigorlte200 -
draytek vigor2133_firmware *
draytek vigor2133 -
draytek vigor2762_firmware *
draytek vigor2762 -
draytek vigor2832_firmware *
draytek vigor2832 -
draytek vigor2860_firmware *
draytek vigor2860 -
draytek vigor2862_firmware *
draytek vigor2862 -
draytek vigor2925_firmware *
draytek vigor2925 -
draytek vigor2926_firmware *
draytek vigor2926 -
draytek vigor2952_firmware *
draytek vigor2952 -
draytek vigor3220_firmware *
draytek vigor3220 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "289E3E0B-6BA4-44B8-968A-AC374B15B631",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E55BCE-BBF0-454B-AE86-45B7298888B3",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89461FD4-897D-44F1-8486-4BCCDE3772DD",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F87D851-15BC-4FC1-8AB7-D5C15B2B74F0",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D46DEC-06AB-489F-A0B5-10C31F80A8C1",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B1826F9-0258-44DD-A471-113CF55CE563",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A559F44-80F8-44B7-B70F-BA0B78C85283",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4AB3320-27F8-4359-AEF8-6B1FDBA67111",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B9436B-B2FE-4644-BB06-B0537EC23A71",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC681E-CD03-49E5-BC3A-E4A7654975A3",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABDC93B5-DC0A-4AA4-A340-382F108AE80B",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59521C99-00BA-4503-823E-3FEA44F8DDA0",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B937F11C-FC86-4D6E-A46B-BA2CA0FFCEF7",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2602941C-255F-4289-9043-D396CC4B3192",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0549C870-BE10-441A-B07D-0701915E5A9E",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1A9825-E419-4740-996A-5928D207FCB6",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84670562-F228-40A0-A38D-144EA62556D3",
              "versionEndExcluding": "4.3.6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1BD8E59-6C67-4C80-B25F-2C5814A8CF0E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43265128-7E8E-4FE2-8488-AC5734A4AF70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52F71B18-89B5-42C7-B4B7-448844D6AFBC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A96F64C0-09DD-4553-AC5F-D722B8321B0D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C4077B-C73F-4431-9103-C09960E203E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D081E5D-7A68-47A0-9EFE-1FC01DA2FF23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C470B04-BD57-429B-80FC-328A7D2E35E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A688631-4B36-43CC-AEF8-D390081F01DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E207BB52-29F8-4F2F-AA06-855B38E22958",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD8437FD-65E2-4203-82B9-8FC32444204A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS."
    },
    {
      "lang": "es",
      "value": "Los dispositivos DrayTek Vigor3910 hasta 4.3.2.6 permiten XSS reflejado basado en DOM no autenticado."
    }
  ],
  "id": "CVE-2024-41591",
  "lastModified": "2024-10-08T15:34:46.453",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-03T19:15:04.560",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-08-21 17:15
Modified
2024-11-21 08:01
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code.
References
cve@mitre.orghttps://draytek.comProduct
cve@mitre.orghttps://gist.github.com/rrrrrrri/013c9eef64b265af4163478bfcf29ff4Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://draytek.comProduct
af854a3a-2127-422b-91ae-364da2661108https://gist.github.com/rrrrrrri/013c9eef64b265af4163478bfcf29ff4Third Party Advisory
Impacted products
Vendor Product Version
draytek vigor2620_firmware *
draytek vigor2620 -
draytek vigor2625_firmware *
draytek vigor2625 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18E724C-1F47-4EAD-81DB-EF77A5062CBD",
              "versionEndExcluding": "3.9.8.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2625_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7266D30A-F72B-417F-A9FC-AA13568F5BE3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2625:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4847017B-E2E6-428E-BB7E-B73563C89F3D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code."
    }
  ],
  "id": "CVE-2023-31447",
  "lastModified": "2024-11-21T08:01:52.957",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-21T17:15:46.847",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://draytek.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gist.github.com/rrrrrrri/013c9eef64b265af4163478bfcf29ff4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://draytek.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gist.github.com/rrrrrrri/013c9eef64b265af4163478bfcf29ff4"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-10-03 19:15
Modified
2024-10-08 15:31
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.
References
cve@mitre.orghttps://www.forescout.com/resources/draybreak-draytek-research/Mitigation, Technical Description, Third Party Advisory
cve@mitre.orghttps://www.forescout.com/resources/draytek14-vulnerabilitiesBroken Link
Impacted products
Vendor Product Version
draytek vigor2620_firmware *
draytek vigor2620 -
draytek vigor2915_firmware *
draytek vigor2915 -
draytek vigor2866_firmware *
draytek vigor2866 -
draytek vigor2766_firmware *
draytek vigor2766 -
draytek vigor2865_firmware *
draytek vigor2865 -
draytek vigor2765_firmware *
draytek vigor2765 -
draytek vigor2763_firmware *
draytek vigor2763 -
draytek vigor2135_firmware *
draytek vigor2135 -
draytek vigor166_firmware *
draytek vigor166 -
draytek vigor1000b_firmware *
draytek vigor1000b_firmware *
draytek vigor1000b -
draytek vigor165_firmware *
draytek vigor165 -
draytek vigor3910_firmware *
draytek vigor3910_firmware *
draytek vigor3910 -
draytek vigor2962_firmware *
draytek vigor2962_firmware *
draytek vigor2962 -
draytek vigor3912_firmware *
draytek vigor3912 -
draytek vigorlte200_firmware *
draytek vigorlte200 -
draytek vigor2133_firmware *
draytek vigor2133 -
draytek vigor2762_firmware *
draytek vigor2762 -
draytek vigor2832_firmware *
draytek vigor2832 -
draytek vigor2860_firmware *
draytek vigor2860 -
draytek vigor2862_firmware *
draytek vigor2862 -
draytek vigor2925_firmware *
draytek vigor2925 -
draytek vigor2926_firmware *
draytek vigor2926 -
draytek vigor2952_firmware *
draytek vigor2952 -
draytek vigor3220_firmware *
draytek vigor3220 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "289E3E0B-6BA4-44B8-968A-AC374B15B631",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E55BCE-BBF0-454B-AE86-45B7298888B3",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89461FD4-897D-44F1-8486-4BCCDE3772DD",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F87D851-15BC-4FC1-8AB7-D5C15B2B74F0",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D46DEC-06AB-489F-A0B5-10C31F80A8C1",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B1826F9-0258-44DD-A471-113CF55CE563",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A559F44-80F8-44B7-B70F-BA0B78C85283",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4AB3320-27F8-4359-AEF8-6B1FDBA67111",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B9436B-B2FE-4644-BB06-B0537EC23A71",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC681E-CD03-49E5-BC3A-E4A7654975A3",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABDC93B5-DC0A-4AA4-A340-382F108AE80B",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59521C99-00BA-4503-823E-3FEA44F8DDA0",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B937F11C-FC86-4D6E-A46B-BA2CA0FFCEF7",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2602941C-255F-4289-9043-D396CC4B3192",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0549C870-BE10-441A-B07D-0701915E5A9E",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1A9825-E419-4740-996A-5928D207FCB6",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84670562-F228-40A0-A38D-144EA62556D3",
              "versionEndExcluding": "4.3.6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1BD8E59-6C67-4C80-B25F-2C5814A8CF0E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43265128-7E8E-4FE2-8488-AC5734A4AF70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52F71B18-89B5-42C7-B4B7-448844D6AFBC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A96F64C0-09DD-4553-AC5F-D722B8321B0D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C4077B-C73F-4431-9103-C09960E203E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D081E5D-7A68-47A0-9EFE-1FC01DA2FF23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C470B04-BD57-429B-80FC-328A7D2E35E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A688631-4B36-43CC-AEF8-D390081F01DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E207BB52-29F8-4F2F-AA06-855B38E22958",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD8437FD-65E2-4203-82B9-8FC32444204A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL."
    },
    {
      "lang": "es",
      "value": "Un problema en los dispositivos DrayTek Vigor310 hasta la versi\u00f3n 4.3.2.6 permite a un atacante obtener informaci\u00f3n confidencial porque el servidor httpd de la interfaz de administraci\u00f3n de Vigor utiliza una cadena est\u00e1tica para inicializar el PRNG de OpenSSL."
    }
  ],
  "id": "CVE-2024-41594",
  "lastModified": "2024-10-08T15:31:47.907",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-03T19:15:04.800",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-10-03 19:15
Modified
2024-10-08 15:35
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow.
References
cve@mitre.orghttps://www.forescout.com/resources/draybreak-draytek-research/Mitigation, Technical Description, Third Party Advisory
cve@mitre.orghttps://www.forescout.com/resources/draytek14-vulnerabilitiesBroken Link
Impacted products
Vendor Product Version
draytek vigor3912_firmware *
draytek vigor3912 -
draytek vigor2962_firmware *
draytek vigor2962_firmware *
draytek vigor2962 -
draytek vigor3910_firmware *
draytek vigor3910_firmware *
draytek vigor3910 -
draytek vigor165_firmware *
draytek vigor165 -
draytek vigor1000b_firmware *
draytek vigor1000b_firmware *
draytek vigor1000b -
draytek vigor166_firmware *
draytek vigor166 -
draytek vigor2135_firmware *
draytek vigor2135 -
draytek vigor2763_firmware *
draytek vigor2763 -
draytek vigor2765_firmware *
draytek vigor2765 -
draytek vigor2865_firmware *
draytek vigor2865 -
draytek vigor2766_firmware *
draytek vigor2766 -
draytek vigor2866_firmware *
draytek vigor2866 -
draytek vigor2915_firmware *
draytek vigor2915 -
draytek vigor2620_firmware *
draytek vigor2620 -
draytek vigorlte200_firmware *
draytek vigorlte200 -
draytek vigor2133_firmware *
draytek vigor2133 -
draytek vigor2762_firmware *
draytek vigor2762 -
draytek vigor2832_firmware *
draytek vigor2832 -
draytek vigor2860_firmware *
draytek vigor2860 -
draytek vigor2862_firmware *
draytek vigor2862 -
draytek vigor2925_firmware *
draytek vigor2925 -
draytek vigor2926_firmware *
draytek vigor2926 -
draytek vigor2952_firmware *
draytek vigor2952 -
draytek vigor3220_firmware *
draytek vigor3220 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84670562-F228-40A0-A38D-144EA62556D3",
              "versionEndExcluding": "4.3.6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0549C870-BE10-441A-B07D-0701915E5A9E",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1A9825-E419-4740-996A-5928D207FCB6",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B937F11C-FC86-4D6E-A46B-BA2CA0FFCEF7",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2602941C-255F-4289-9043-D396CC4B3192",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59521C99-00BA-4503-823E-3FEA44F8DDA0",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC681E-CD03-49E5-BC3A-E4A7654975A3",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABDC93B5-DC0A-4AA4-A340-382F108AE80B",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B9436B-B2FE-4644-BB06-B0537EC23A71",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4AB3320-27F8-4359-AEF8-6B1FDBA67111",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A559F44-80F8-44B7-B70F-BA0B78C85283",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B1826F9-0258-44DD-A471-113CF55CE563",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D46DEC-06AB-489F-A0B5-10C31F80A8C1",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F87D851-15BC-4FC1-8AB7-D5C15B2B74F0",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89461FD4-897D-44F1-8486-4BCCDE3772DD",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E55BCE-BBF0-454B-AE86-45B7298888B3",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "289E3E0B-6BA4-44B8-968A-AC374B15B631",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1BD8E59-6C67-4C80-B25F-2C5814A8CF0E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43265128-7E8E-4FE2-8488-AC5734A4AF70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52F71B18-89B5-42C7-B4B7-448844D6AFBC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A96F64C0-09DD-4553-AC5F-D722B8321B0D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C4077B-C73F-4431-9103-C09960E203E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D081E5D-7A68-47A0-9EFE-1FC01DA2FF23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C470B04-BD57-429B-80FC-328A7D2E35E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A688631-4B36-43CC-AEF8-D390081F01DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E207BB52-29F8-4F2F-AA06-855B38E22958",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD8437FD-65E2-4203-82B9-8FC32444204A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow."
    },
    {
      "lang": "es",
      "value": "Los dispositivos DrayTek Vigor310 hasta 4.3.2.6 permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n ft_payload_dns(), porque se produce una operaci\u00f3n de extensi\u00f3n de signo de byte para el argumento de longitud de una llamada _memcpy, lo que lleva a un desbordamiento de b\u00fafer basado en el mont\u00f3n."
    }
  ],
  "id": "CVE-2024-41593",
  "lastModified": "2024-10-08T15:35:04.583",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-03T19:15:04.740",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-10-03 19:15
Modified
2024-10-08 15:32
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
References
cve@mitre.orghttps://www.forescout.com/resources/draybreak-draytek-research/Mitigation, Technical Description, Third Party Advisory
cve@mitre.orghttps://www.forescout.com/resources/draytek14-vulnerabilitiesBroken Link
Impacted products
Vendor Product Version
draytek vigor3910_firmware *
draytek vigor3910_firmware *
draytek vigor3910 -
draytek vigor3912_firmware *
draytek vigor3912 -
draytek vigor2962_firmware *
draytek vigor2962_firmware *
draytek vigor2962 -
draytek vigor165_firmware *
draytek vigor165 -
draytek vigor1000b_firmware *
draytek vigor1000b_firmware *
draytek vigor1000b -
draytek vigor166_firmware *
draytek vigor166 -
draytek vigor2135_firmware *
draytek vigor2135 -
draytek vigor2763_firmware *
draytek vigor2763 -
draytek vigor2765_firmware *
draytek vigor2765 -
draytek vigor2865_firmware *
draytek vigor2865 -
draytek vigor2766_firmware *
draytek vigor2766 -
draytek vigor2866_firmware *
draytek vigor2866 -
draytek vigor2915_firmware *
draytek vigor2915 -
draytek vigor2620_firmware *
draytek vigor2620 -
draytek vigorlte200_firmware *
draytek vigorlte200 -
draytek vigor2133_firmware *
draytek vigor2133 -
draytek vigor2762_firmware *
draytek vigor2762 -
draytek vigor2832_firmware *
draytek vigor2832 -
draytek vigor2860_firmware *
draytek vigor2860 -
draytek vigor2862_firmware *
draytek vigor2862 -
draytek vigor2925_firmware *
draytek vigor2925 -
draytek vigor2926_firmware *
draytek vigor2926 -
draytek vigor2952_firmware *
draytek vigor2952 -
draytek vigor3220_firmware *
draytek vigor3220 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B937F11C-FC86-4D6E-A46B-BA2CA0FFCEF7",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2602941C-255F-4289-9043-D396CC4B3192",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84670562-F228-40A0-A38D-144EA62556D3",
              "versionEndExcluding": "4.3.6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0549C870-BE10-441A-B07D-0701915E5A9E",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1A9825-E419-4740-996A-5928D207FCB6",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59521C99-00BA-4503-823E-3FEA44F8DDA0",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC681E-CD03-49E5-BC3A-E4A7654975A3",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABDC93B5-DC0A-4AA4-A340-382F108AE80B",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B9436B-B2FE-4644-BB06-B0537EC23A71",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4AB3320-27F8-4359-AEF8-6B1FDBA67111",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A559F44-80F8-44B7-B70F-BA0B78C85283",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B1826F9-0258-44DD-A471-113CF55CE563",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D46DEC-06AB-489F-A0B5-10C31F80A8C1",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F87D851-15BC-4FC1-8AB7-D5C15B2B74F0",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89461FD4-897D-44F1-8486-4BCCDE3772DD",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E55BCE-BBF0-454B-AE86-45B7298888B3",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "289E3E0B-6BA4-44B8-968A-AC374B15B631",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1BD8E59-6C67-4C80-B25F-2C5814A8CF0E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43265128-7E8E-4FE2-8488-AC5734A4AF70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52F71B18-89B5-42C7-B4B7-448844D6AFBC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A96F64C0-09DD-4553-AC5F-D722B8321B0D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C4077B-C73F-4431-9103-C09960E203E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D081E5D-7A68-47A0-9EFE-1FC01DA2FF23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C470B04-BD57-429B-80FC-328A7D2E35E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A688631-4B36-43CC-AEF8-D390081F01DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E207BB52-29F8-4F2F-AA06-855B38E22958",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD8437FD-65E2-4203-82B9-8FC32444204A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6."
    },
    {
      "lang": "es",
      "value": "El XSS almacenado, por parte de usuarios autenticados, es causado por una mala desinfecci\u00f3n del mensaje de saludo de la p\u00e1gina de inicio de sesi\u00f3n en los dispositivos DrayTek Vigor310 hasta 4.3.2.6."
    }
  ],
  "id": "CVE-2024-41587",
  "lastModified": "2024-10-08T15:32:18.313",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-03T19:15:04.310",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}