Vulnerabilites related to draytek - vigorlte200
var-202410-0186
Vulnerability from variot
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. vigor2620 firmware, vigor2915 firmware, vigor2866 firmware etc. DrayTek Corporation A cross-site scripting vulnerability exists in the product.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0186",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vigor2866",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.2"
},
{
"model": "vigor3910",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.1"
},
{
"model": "vigor3912",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.6.1"
},
{
"model": "vigor3910",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.8"
},
{
"model": "vigor2832",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2860",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2962",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.1"
},
{
"model": "vigor165",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.7"
},
{
"model": "vigor2925",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2763",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2962",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.8"
},
{
"model": "vigor2915",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigorlte200",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2926",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor3220",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2135",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2952",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2762",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2865",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.2"
},
{
"model": "vigor2962",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.0.0"
},
{
"model": "vigor2765",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2620",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2766",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor1000b",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.1"
},
{
"model": "vigor2862",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor3910",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.0.0"
},
{
"model": "vigor166",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.7"
},
{
"model": "vigor1000b",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.8"
},
{
"model": "vigor2133",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor1000b",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.0.0"
},
{
"model": "vigor2766",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2866",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2765",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2865",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor165",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2962",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor3910",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2133",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2762",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigorlte200",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor1000b",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2915",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor3912",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2620",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2763",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2135",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor166",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009985"
},
{
"db": "NVD",
"id": "CVE-2024-41591"
}
]
},
"cve": "CVE-2024-41591",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2024-41591",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2024-41591",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-41591",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-41591",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009985"
},
{
"db": "NVD",
"id": "CVE-2024-41591"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. vigor2620 firmware, vigor2915 firmware, vigor2866 firmware etc. DrayTek Corporation A cross-site scripting vulnerability exists in the product.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-41591"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009985"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-41591",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009985",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009985"
},
{
"db": "NVD",
"id": "CVE-2024-41591"
}
]
},
"id": "VAR-202410-0186",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-10-11T23:01:21.952000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009985"
},
{
"db": "NVD",
"id": "CVE-2024-41591"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.forescout.com/resources/draybreak-draytek-research/"
},
{
"trust": 1.0,
"url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-41591"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009985"
},
{
"db": "NVD",
"id": "CVE-2024-41591"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009985"
},
{
"db": "NVD",
"id": "CVE-2024-41591"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-009985"
},
{
"date": "2024-10-03T19:15:04.560000",
"db": "NVD",
"id": "CVE-2024-41591"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-09T01:14:00",
"db": "JVNDB",
"id": "JVNDB-2024-009985"
},
{
"date": "2024-10-08T15:34:46.453000",
"db": "NVD",
"id": "CVE-2024-41591"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0DrayTek\u00a0Corporation\u00a0 Cross-site scripting vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009985"
}
],
"trust": 0.8
}
}
var-202410-0179
Vulnerability from variot
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL. vigor2620 firmware, vigor2915 firmware, vigor2866 firmware etc. DrayTek Corporation The product contains a cryptographic strength vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0179",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vigor2866",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.2"
},
{
"model": "vigor3910",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.1"
},
{
"model": "vigor3912",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.6.1"
},
{
"model": "vigor3910",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.8"
},
{
"model": "vigor2832",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2860",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2962",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.1"
},
{
"model": "vigor165",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.7"
},
{
"model": "vigor2925",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2763",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2962",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.8"
},
{
"model": "vigor2915",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigorlte200",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2926",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor3220",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2135",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2952",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2762",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2865",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.2"
},
{
"model": "vigor2962",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.0.0"
},
{
"model": "vigor2765",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2620",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2766",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor1000b",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.1"
},
{
"model": "vigor2862",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor3910",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.0.0"
},
{
"model": "vigor166",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.7"
},
{
"model": "vigor1000b",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.8"
},
{
"model": "vigor2133",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor1000b",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.0.0"
},
{
"model": "vigor2766",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2866",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2765",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2865",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor165",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2962",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor3910",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2133",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2762",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigorlte200",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor1000b",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2915",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor3912",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2620",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2763",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2135",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor166",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009984"
},
{
"db": "NVD",
"id": "CVE-2024-41594"
}
]
},
"cve": "CVE-2024-41594",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-41594",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-41594",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-41594",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-41594",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009984"
},
{
"db": "NVD",
"id": "CVE-2024-41594"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL. vigor2620 firmware, vigor2915 firmware, vigor2866 firmware etc. DrayTek Corporation The product contains a cryptographic strength vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-41594"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009984"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-41594",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009984",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009984"
},
{
"db": "NVD",
"id": "CVE-2024-41594"
}
]
},
"id": "VAR-202410-0179",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-10-10T23:21:46.664000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.0
},
{
"problemtype": "Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009984"
},
{
"db": "NVD",
"id": "CVE-2024-41594"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.forescout.com/resources/draybreak-draytek-research/"
},
{
"trust": 1.0,
"url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-41594"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009984"
},
{
"db": "NVD",
"id": "CVE-2024-41594"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009984"
},
{
"db": "NVD",
"id": "CVE-2024-41594"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-009984"
},
{
"date": "2024-10-03T19:15:04.800000",
"db": "NVD",
"id": "CVE-2024-41594"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-09T01:14:00",
"db": "JVNDB",
"id": "JVNDB-2024-009984"
},
{
"date": "2024-10-08T15:31:47.907000",
"db": "NVD",
"id": "CVE-2024-41594"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0DrayTek\u00a0Corporation\u00a0 Vulnerability related to encryption strength in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009984"
}
],
"trust": 0.8
}
}
var-202410-0281
Vulnerability from variot
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow. vigor3912 firmware, vigor2962 firmware, vigor3910 firmware etc. DrayTek Corporation The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0281",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vigor3912",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.6.1"
},
{
"model": "vigor3910",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.1"
},
{
"model": "vigor2866",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.2"
},
{
"model": "vigor3910",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.8"
},
{
"model": "vigor2832",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2860",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2962",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.1"
},
{
"model": "vigor165",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.7"
},
{
"model": "vigor2925",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2763",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2962",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.8"
},
{
"model": "vigor2915",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigorlte200",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2926",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor3220",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2135",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2952",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2762",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2865",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.2"
},
{
"model": "vigor2962",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.0.0"
},
{
"model": "vigor2765",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2620",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2766",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor1000b",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.1"
},
{
"model": "vigor2862",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor3910",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.0.0"
},
{
"model": "vigor1000b",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.8"
},
{
"model": "vigor166",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.7"
},
{
"model": "vigor2133",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor1000b",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.0.0"
},
{
"model": "vigor2766",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2866",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2765",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2865",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor165",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2962",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor3910",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2133",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2762",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigorlte200",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor1000b",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2915",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor3912",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2620",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2763",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2135",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor166",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009968"
},
{
"db": "NVD",
"id": "CVE-2024-41593"
}
]
},
"cve": "CVE-2024-41593",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-41593",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-41593",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-41593",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2024-41593",
"trust": 0.8,
"value": "Critical"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009968"
},
{
"db": "NVD",
"id": "CVE-2024-41593"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow. vigor3912 firmware, vigor2962 firmware, vigor3910 firmware etc. DrayTek Corporation The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-41593"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009968"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-41593",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009968",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009968"
},
{
"db": "NVD",
"id": "CVE-2024-41593"
}
]
},
"id": "VAR-202410-0281",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-10-13T23:21:57.296000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009968"
},
{
"db": "NVD",
"id": "CVE-2024-41593"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.forescout.com/resources/draybreak-draytek-research/"
},
{
"trust": 1.0,
"url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-41593"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009968"
},
{
"db": "NVD",
"id": "CVE-2024-41593"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009968"
},
{
"db": "NVD",
"id": "CVE-2024-41593"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-009968"
},
{
"date": "2024-10-03T19:15:04.740000",
"db": "NVD",
"id": "CVE-2024-41593"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-09T00:45:00",
"db": "JVNDB",
"id": "JVNDB-2024-009968"
},
{
"date": "2024-10-08T15:35:04.583000",
"db": "NVD",
"id": "CVE-2024-41593"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0DrayTek\u00a0Corporation\u00a0 Out-of-bounds write vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009968"
}
],
"trust": 0.8
}
}
var-202410-0075
Vulnerability from variot
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. DrayTek Corporation of vigor3910 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0075",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vigor3912",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.6.1"
},
{
"model": "vigor3910",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.1"
},
{
"model": "vigor2866",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.2"
},
{
"model": "vigor3910",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.8"
},
{
"model": "vigor2832",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2860",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2962",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.1"
},
{
"model": "vigor165",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.7"
},
{
"model": "vigor2925",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2763",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2962",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.8"
},
{
"model": "vigor2915",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigorlte200",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2926",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor3220",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2135",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2952",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2762",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2865",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.2"
},
{
"model": "vigor2962",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.0.0"
},
{
"model": "vigor2765",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2620",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor2766",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor1000b",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.1"
},
{
"model": "vigor2862",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor3910",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.0.0"
},
{
"model": "vigor1000b",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.8"
},
{
"model": "vigor166",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.7"
},
{
"model": "vigor2133",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "*"
},
{
"model": "vigor1000b",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.0.0"
},
{
"model": "vigor3910",
"scope": "eq",
"trust": 0.8,
"vendor": "draytek",
"version": "vigor3910 firmware 4.3.2.8"
},
{
"model": "vigor3910",
"scope": "eq",
"trust": 0.8,
"vendor": "draytek",
"version": "vigor3910 firmware 4.4.0.0 that\u0027s all 4.4.3.1"
},
{
"model": "vigor3910",
"scope": "eq",
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor3910",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009832"
},
{
"db": "NVD",
"id": "CVE-2024-41587"
}
]
},
"cve": "CVE-2024-41587",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2024-41587",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2024-41587",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-41587",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-41587",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009832"
},
{
"db": "NVD",
"id": "CVE-2024-41587"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. DrayTek Corporation of vigor3910 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-41587"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009832"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-41587",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009832",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009832"
},
{
"db": "NVD",
"id": "CVE-2024-41587"
}
]
},
"id": "VAR-202410-0075",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-10-08T23:27:00.949000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009832"
},
{
"db": "NVD",
"id": "CVE-2024-41587"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.forescout.com/resources/draybreak-draytek-research/"
},
{
"trust": 1.0,
"url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-41587"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009832"
},
{
"db": "NVD",
"id": "CVE-2024-41587"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009832"
},
{
"db": "NVD",
"id": "CVE-2024-41587"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-009832"
},
{
"date": "2024-10-03T19:15:04.310000",
"db": "NVD",
"id": "CVE-2024-41587"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-07T03:05:00",
"db": "JVNDB",
"id": "JVNDB-2024-009832"
},
{
"date": "2024-10-08T15:32:18.313000",
"db": "NVD",
"id": "CVE-2024-41587"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DrayTek\u00a0Corporation\u00a0 of \u00a0vigor3910\u00a0 Cross-site scripting vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009832"
}
],
"trust": 0.8
}
}
Vulnerability from fkie_nvd
Published
2024-10-03 19:15
Modified
2024-10-08 15:34
Severity ?
Summary
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.forescout.com/resources/draybreak-draytek-research/ | Mitigation, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://www.forescout.com/resources/draytek14-vulnerabilities | Broken Link |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "289E3E0B-6BA4-44B8-968A-AC374B15B631",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6E55BCE-BBF0-454B-AE86-45B7298888B3",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89461FD4-897D-44F1-8486-4BCCDE3772DD",
"versionEndExcluding": "4.4.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F87D851-15BC-4FC1-8AB7-D5C15B2B74F0",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D46DEC-06AB-489F-A0B5-10C31F80A8C1",
"versionEndExcluding": "4.4.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
"matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B1826F9-0258-44DD-A471-113CF55CE563",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A559F44-80F8-44B7-B70F-BA0B78C85283",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4AB3320-27F8-4359-AEF8-6B1FDBA67111",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08B9436B-B2FE-4644-BB06-B0537EC23A71",
"versionEndExcluding": "4.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDBC681E-CD03-49E5-BC3A-E4A7654975A3",
"versionEndExcluding": "4.3.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABDC93B5-DC0A-4AA4-A340-382F108AE80B",
"versionEndExcluding": "4.4.3.1",
"versionStartIncluding": "4.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59521C99-00BA-4503-823E-3FEA44F8DDA0",
"versionEndExcluding": "4.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B937F11C-FC86-4D6E-A46B-BA2CA0FFCEF7",
"versionEndExcluding": "4.3.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2602941C-255F-4289-9043-D396CC4B3192",
"versionEndExcluding": "4.4.3.1",
"versionStartIncluding": "4.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0549C870-BE10-441A-B07D-0701915E5A9E",
"versionEndExcluding": "4.3.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1A9825-E419-4740-996A-5928D207FCB6",
"versionEndExcluding": "4.4.3.1",
"versionStartIncluding": "4.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84670562-F228-40A0-A38D-144EA62556D3",
"versionEndExcluding": "4.3.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BD8E59-6C67-4C80-B25F-2C5814A8CF0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43265128-7E8E-4FE2-8488-AC5734A4AF70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52F71B18-89B5-42C7-B4B7-448844D6AFBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A96F64C0-09DD-4553-AC5F-D722B8321B0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C4077B-C73F-4431-9103-C09960E203E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D081E5D-7A68-47A0-9EFE-1FC01DA2FF23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C470B04-BD57-429B-80FC-328A7D2E35E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A688631-4B36-43CC-AEF8-D390081F01DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E207BB52-29F8-4F2F-AA06-855B38E22958",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
"matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD8437FD-65E2-4203-82B9-8FC32444204A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS."
},
{
"lang": "es",
"value": "Los dispositivos DrayTek Vigor3910 hasta 4.3.2.6 permiten XSS reflejado basado en DOM no autenticado."
}
],
"id": "CVE-2024-41591",
"lastModified": "2024-10-08T15:34:46.453",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-03T19:15:04.560",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.forescout.com/resources/draybreak-draytek-research/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-03 19:15
Modified
2024-10-08 15:31
Severity ?
Summary
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.forescout.com/resources/draybreak-draytek-research/ | Mitigation, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://www.forescout.com/resources/draytek14-vulnerabilities | Broken Link |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "289E3E0B-6BA4-44B8-968A-AC374B15B631",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6E55BCE-BBF0-454B-AE86-45B7298888B3",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89461FD4-897D-44F1-8486-4BCCDE3772DD",
"versionEndExcluding": "4.4.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F87D851-15BC-4FC1-8AB7-D5C15B2B74F0",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D46DEC-06AB-489F-A0B5-10C31F80A8C1",
"versionEndExcluding": "4.4.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
"matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B1826F9-0258-44DD-A471-113CF55CE563",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A559F44-80F8-44B7-B70F-BA0B78C85283",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4AB3320-27F8-4359-AEF8-6B1FDBA67111",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08B9436B-B2FE-4644-BB06-B0537EC23A71",
"versionEndExcluding": "4.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDBC681E-CD03-49E5-BC3A-E4A7654975A3",
"versionEndExcluding": "4.3.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABDC93B5-DC0A-4AA4-A340-382F108AE80B",
"versionEndExcluding": "4.4.3.1",
"versionStartIncluding": "4.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59521C99-00BA-4503-823E-3FEA44F8DDA0",
"versionEndExcluding": "4.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B937F11C-FC86-4D6E-A46B-BA2CA0FFCEF7",
"versionEndExcluding": "4.3.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2602941C-255F-4289-9043-D396CC4B3192",
"versionEndExcluding": "4.4.3.1",
"versionStartIncluding": "4.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0549C870-BE10-441A-B07D-0701915E5A9E",
"versionEndExcluding": "4.3.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1A9825-E419-4740-996A-5928D207FCB6",
"versionEndExcluding": "4.4.3.1",
"versionStartIncluding": "4.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84670562-F228-40A0-A38D-144EA62556D3",
"versionEndExcluding": "4.3.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BD8E59-6C67-4C80-B25F-2C5814A8CF0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43265128-7E8E-4FE2-8488-AC5734A4AF70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52F71B18-89B5-42C7-B4B7-448844D6AFBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A96F64C0-09DD-4553-AC5F-D722B8321B0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C4077B-C73F-4431-9103-C09960E203E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D081E5D-7A68-47A0-9EFE-1FC01DA2FF23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C470B04-BD57-429B-80FC-328A7D2E35E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A688631-4B36-43CC-AEF8-D390081F01DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E207BB52-29F8-4F2F-AA06-855B38E22958",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
"matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD8437FD-65E2-4203-82B9-8FC32444204A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL."
},
{
"lang": "es",
"value": "Un problema en los dispositivos DrayTek Vigor310 hasta la versi\u00f3n 4.3.2.6 permite a un atacante obtener informaci\u00f3n confidencial porque el servidor httpd de la interfaz de administraci\u00f3n de Vigor utiliza una cadena est\u00e1tica para inicializar el PRNG de OpenSSL."
}
],
"id": "CVE-2024-41594",
"lastModified": "2024-10-08T15:31:47.907",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-03T19:15:04.800",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.forescout.com/resources/draybreak-draytek-research/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-03 19:15
Modified
2024-10-08 15:35
Severity ?
Summary
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.forescout.com/resources/draybreak-draytek-research/ | Mitigation, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://www.forescout.com/resources/draytek14-vulnerabilities | Broken Link |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84670562-F228-40A0-A38D-144EA62556D3",
"versionEndExcluding": "4.3.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0549C870-BE10-441A-B07D-0701915E5A9E",
"versionEndExcluding": "4.3.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1A9825-E419-4740-996A-5928D207FCB6",
"versionEndExcluding": "4.4.3.1",
"versionStartIncluding": "4.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B937F11C-FC86-4D6E-A46B-BA2CA0FFCEF7",
"versionEndExcluding": "4.3.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2602941C-255F-4289-9043-D396CC4B3192",
"versionEndExcluding": "4.4.3.1",
"versionStartIncluding": "4.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59521C99-00BA-4503-823E-3FEA44F8DDA0",
"versionEndExcluding": "4.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDBC681E-CD03-49E5-BC3A-E4A7654975A3",
"versionEndExcluding": "4.3.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABDC93B5-DC0A-4AA4-A340-382F108AE80B",
"versionEndExcluding": "4.4.3.1",
"versionStartIncluding": "4.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08B9436B-B2FE-4644-BB06-B0537EC23A71",
"versionEndExcluding": "4.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4AB3320-27F8-4359-AEF8-6B1FDBA67111",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A559F44-80F8-44B7-B70F-BA0B78C85283",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B1826F9-0258-44DD-A471-113CF55CE563",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D46DEC-06AB-489F-A0B5-10C31F80A8C1",
"versionEndExcluding": "4.4.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
"matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F87D851-15BC-4FC1-8AB7-D5C15B2B74F0",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89461FD4-897D-44F1-8486-4BCCDE3772DD",
"versionEndExcluding": "4.4.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6E55BCE-BBF0-454B-AE86-45B7298888B3",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "289E3E0B-6BA4-44B8-968A-AC374B15B631",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BD8E59-6C67-4C80-B25F-2C5814A8CF0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43265128-7E8E-4FE2-8488-AC5734A4AF70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52F71B18-89B5-42C7-B4B7-448844D6AFBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A96F64C0-09DD-4553-AC5F-D722B8321B0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C4077B-C73F-4431-9103-C09960E203E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D081E5D-7A68-47A0-9EFE-1FC01DA2FF23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C470B04-BD57-429B-80FC-328A7D2E35E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A688631-4B36-43CC-AEF8-D390081F01DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E207BB52-29F8-4F2F-AA06-855B38E22958",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
"matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD8437FD-65E2-4203-82B9-8FC32444204A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow."
},
{
"lang": "es",
"value": "Los dispositivos DrayTek Vigor310 hasta 4.3.2.6 permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n ft_payload_dns(), porque se produce una operaci\u00f3n de extensi\u00f3n de signo de byte para el argumento de longitud de una llamada _memcpy, lo que lleva a un desbordamiento de b\u00fafer basado en el mont\u00f3n."
}
],
"id": "CVE-2024-41593",
"lastModified": "2024-10-08T15:35:04.583",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-03T19:15:04.740",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.forescout.com/resources/draybreak-draytek-research/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-03 19:15
Modified
2024-10-08 15:32
Severity ?
Summary
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.forescout.com/resources/draybreak-draytek-research/ | Mitigation, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://www.forescout.com/resources/draytek14-vulnerabilities | Broken Link |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B937F11C-FC86-4D6E-A46B-BA2CA0FFCEF7",
"versionEndExcluding": "4.3.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2602941C-255F-4289-9043-D396CC4B3192",
"versionEndExcluding": "4.4.3.1",
"versionStartIncluding": "4.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84670562-F228-40A0-A38D-144EA62556D3",
"versionEndExcluding": "4.3.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0549C870-BE10-441A-B07D-0701915E5A9E",
"versionEndExcluding": "4.3.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1A9825-E419-4740-996A-5928D207FCB6",
"versionEndExcluding": "4.4.3.1",
"versionStartIncluding": "4.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59521C99-00BA-4503-823E-3FEA44F8DDA0",
"versionEndExcluding": "4.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDBC681E-CD03-49E5-BC3A-E4A7654975A3",
"versionEndExcluding": "4.3.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABDC93B5-DC0A-4AA4-A340-382F108AE80B",
"versionEndExcluding": "4.4.3.1",
"versionStartIncluding": "4.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08B9436B-B2FE-4644-BB06-B0537EC23A71",
"versionEndExcluding": "4.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4AB3320-27F8-4359-AEF8-6B1FDBA67111",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A559F44-80F8-44B7-B70F-BA0B78C85283",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B1826F9-0258-44DD-A471-113CF55CE563",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D46DEC-06AB-489F-A0B5-10C31F80A8C1",
"versionEndExcluding": "4.4.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
"matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F87D851-15BC-4FC1-8AB7-D5C15B2B74F0",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89461FD4-897D-44F1-8486-4BCCDE3772DD",
"versionEndExcluding": "4.4.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6E55BCE-BBF0-454B-AE86-45B7298888B3",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "289E3E0B-6BA4-44B8-968A-AC374B15B631",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BD8E59-6C67-4C80-B25F-2C5814A8CF0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43265128-7E8E-4FE2-8488-AC5734A4AF70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52F71B18-89B5-42C7-B4B7-448844D6AFBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A96F64C0-09DD-4553-AC5F-D722B8321B0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C4077B-C73F-4431-9103-C09960E203E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D081E5D-7A68-47A0-9EFE-1FC01DA2FF23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C470B04-BD57-429B-80FC-328A7D2E35E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A688631-4B36-43CC-AEF8-D390081F01DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E207BB52-29F8-4F2F-AA06-855B38E22958",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
"matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD8437FD-65E2-4203-82B9-8FC32444204A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6."
},
{
"lang": "es",
"value": "El XSS almacenado, por parte de usuarios autenticados, es causado por una mala desinfecci\u00f3n del mensaje de saludo de la p\u00e1gina de inicio de sesi\u00f3n en los dispositivos DrayTek Vigor310 hasta 4.3.2.6."
}
],
"id": "CVE-2024-41587",
"lastModified": "2024-10-08T15:32:18.313",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-03T19:15:04.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.forescout.com/resources/draybreak-draytek-research/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2024-41593
Vulnerability from cvelistv5
Published
2024-10-03 00:00
Modified
2024-10-03 19:13
Severity ?
EPSS score ?
Summary
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T19:12:46.197818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T19:13:02.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T18:29:21.947598",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
},
{
"url": "https://www.forescout.com/resources/draybreak-draytek-research/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41593",
"datePublished": "2024-10-03T00:00:00",
"dateReserved": "2024-07-18T00:00:00",
"dateUpdated": "2024-10-03T19:13:02.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-41591
Vulnerability from cvelistv5
Published
2024-10-03 00:00
Modified
2024-10-03 19:14
Severity ?
EPSS score ?
Summary
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T19:14:46.529762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T19:14:57.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T18:26:22.678110",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
},
{
"url": "https://www.forescout.com/resources/draybreak-draytek-research/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41591",
"datePublished": "2024-10-03T00:00:00",
"dateReserved": "2024-07-18T00:00:00",
"dateUpdated": "2024-10-03T19:14:57.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-41587
Vulnerability from cvelistv5
Published
2024-10-03 00:00
Modified
2024-10-03 20:25
Severity ?
EPSS score ?
Summary
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T20:24:15.931214Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T20:25:36.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T18:25:02.832324",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
},
{
"url": "https://www.forescout.com/resources/draybreak-draytek-research/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41587",
"datePublished": "2024-10-03T00:00:00",
"dateReserved": "2024-07-18T00:00:00",
"dateUpdated": "2024-10-03T20:25:36.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-41594
Vulnerability from cvelistv5
Published
2024-10-03 00:00
Modified
2024-10-03 19:09
Severity ?
EPSS score ?
Summary
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T19:09:26.192252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T19:09:40.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T18:29:39.340103",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
},
{
"url": "https://www.forescout.com/resources/draybreak-draytek-research/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41594",
"datePublished": "2024-10-03T00:00:00",
"dateReserved": "2024-07-18T00:00:00",
"dateUpdated": "2024-10-03T19:09:40.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}