CVE-2024-41583

MEDIUM

DrayTek Vigor3910 Firmware < 4.3.2.6 - Authenticated Stored Cross-Site Scripting via Router Name

Title source: llm
STIX 2.1

Description

DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name.

Scores

CVSS v3 4.7
EPSS 0.0028
EPSS Percentile 20.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
draytek/vigor3910_firmware < 4.3.2.6
Published Oct 03, 2024
Tracked Since Feb 18, 2026