PT-2024-7430 · Draytek · Draytek Vigor310

Published: 2024-10-02 · Updated: 2024-10-08 · CVE-2024-41587

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor310 devices through 4.3.2.6
Description: The issue is caused by poor sanitization of the Login Page Greeting message, allowing stored XSS attacks by authenticated users. This can enable remote attackers to conduct cross-site scripting attacks.
Recommendations: For DrayTek Vigor310 devices through 4.3.2.6, consider disabling the Login Page Greeting message until a patch is available to prevent exploitation. Restrict access to the login page to minimize the risk of stored XSS attacks.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-08808
CVE-2024-41587

Affected Products

Draytek Vigor310