CVE-2024-41584

MEDIUM

DrayTek Vigor3910 Firmware <= 4.3.2.6 - Authenticated Reflected Cross-Site Scripting via sFormAuthStr Parameter

Title source: llm
STIX 2.1

Description

DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter.

Scores

CVSS v3 4.7
EPSS 0.0028
EPSS Percentile 20.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
draytek/vigor3910_firmware < 4.3.2.6
Published Oct 03, 2024
Tracked Since Feb 18, 2026