Multiple vulnerabilities in DrayTek products
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
1) Credentials management
EUVDB-ID: #VU97985
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41589
CWE-ID:
CWE-255 - Credentials Management
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to the same admin credentials are used across the entire system (including both guest and host operating systems). Obtaining these credentials can lead to full system compromise.
Install updates from vendor's website.
Vulnerable software versionsVigor 1000B: before 4.3.2.8
Vigor 2962: before 4.3.2.8
Vigor 3910: before 4.3.2.8
Vigor 3912: before 4.3.6.1
Vigor 165: before 4.2.7
Vigor 166: before 4.2.7
Vigor 2135: before 4.4.5.1
Vigor 2763: before 4.4.5.1
Vigor 2765: before 4.4.5.1
Vigor 2766: before 4.4.5.1
Vigor 2865: before 4.4.5.3
Vigor 2866: before 4.4.5.3
Vigor 2915: before 4.4.5.3
Vigor 2620: before 3.9.8.9
Vigor LTE200: before 3.9.8.9
Vigor 2133: before 3.9.9
Vigor 2762: before 3.9.9
Vigor 2832: before 3.9.9
Vigor 2860: before 3.9.8
Vigor 2925: before 3.9.8
Vigor 2862: before 3.9.9.5
Vigor 2926: before 3.9.9.5
Vigor 2952: before 3.9.8.2
Vigor 3220: before 3.9.8.2
CPE2.3http://www.forescout.com/resources/draybreak-draytek-research/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
EUVDB-ID: #VU97983
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41594
CWE-ID:
CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to software uses a static string to seed the PRNG in OpenSSL for TLS. A remote attacker can perform MitM attack.
Install updates from vendor's website.
Vulnerable software versionsVigor 1000B: before 4.3.2.8
Vigor 2962: before 4.3.2.8
Vigor 3910: before 4.3.2.8
Vigor 3912: before 4.3.6.1
Vigor 165: before 4.2.7
Vigor 166: before 4.2.7
Vigor 2135: before 4.4.5.1
Vigor 2763: before 4.4.5.1
Vigor 2765: before 4.4.5.1
Vigor 2766: before 4.4.5.1
Vigor 2865: before 4.4.5.3
Vigor 2866: before 4.4.5.3
Vigor 2915: before 4.4.5.3
Vigor 2620: before 3.9.8.9
Vigor LTE200: before 3.9.8.9
Vigor 2133: before 3.9.9
Vigor 2762: before 3.9.9
Vigor 2832: before 3.9.9
Vigor 2860: before 3.9.8
Vigor 2925: before 3.9.8
Vigor 2862: before 3.9.9.5
Vigor 2926: before 3.9.9.5
Vigor 2952: before 3.9.8.2
Vigor 3220: before 3.9.8.2
CPE2.3http://www.forescout.com/resources/draybreak-draytek-research/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU97982
Risk: Low
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41595
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the WebUI. A remote privileged user can send a specially crafted HTTP request to the web interface, trigger memory corruption and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsVigor 1000B: before 4.3.2.8
Vigor 2962: before 4.3.2.8
Vigor 3910: before 4.3.2.8
Vigor 3912: before 4.3.6.1
Vigor 165: before 4.2.7
Vigor 166: before 4.2.7
Vigor 2135: before 4.4.5.1
Vigor 2763: before 4.4.5.1
Vigor 2765: before 4.4.5.1
Vigor 2766: before 4.4.5.1
Vigor 2865: before 4.4.5.3
Vigor 2866: before 4.4.5.3
Vigor 2915: before 4.4.5.3
Vigor 2620: before 3.9.8.9
Vigor LTE200: before 3.9.8.9
Vigor 2133: before 3.9.9
Vigor 2762: before 3.9.9
Vigor 2832: before 3.9.9
Vigor 2860: before 3.9.8
Vigor 2925: before 3.9.8
Vigor 2862: before 3.9.9.5
Vigor 2926: before 3.9.9.5
Vigor 2952: before 3.9.8.2
Vigor 3220: before 3.9.8.2
CPE2.3http://www.forescout.com/resources/draybreak-draytek-research/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU97981
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41586
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the WebUI in /cgi-bin/ipfedr.cgi script. A remote privileged user can send a specially crafted HTTP request to the web interface, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVigor 1000B: before 4.3.2.8
Vigor 2962: before 4.3.2.8
Vigor 3910: before 4.3.2.8
Vigor 3912: before 4.3.6.1
Vigor 165: before 4.2.7
Vigor 166: before 4.2.7
Vigor 2135: before 4.4.5.1
Vigor 2763: before 4.4.5.1
Vigor 2765: before 4.4.5.1
Vigor 2766: before 4.4.5.1
Vigor 2865: before 4.4.5.3
Vigor 2866: before 4.4.5.3
Vigor 2915: before 4.4.5.3
Vigor 2620: before 3.9.8.9
Vigor LTE200: before 3.9.8.9
Vigor 2133: before 3.9.9
Vigor 2762: before 3.9.9
Vigor 2832: before 3.9.9
Vigor 2860: before 3.9.8
Vigor 2925: before 3.9.8
Vigor 2862: before 3.9.9.5
Vigor 2926: before 3.9.9.5
Vigor 2952: before 3.9.8.2
Vigor 3220: before 3.9.8.2
CPE2.3http://www.forescout.com/resources/draybreak-draytek-research/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU97977
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41590
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the WebUI. A remote privileged user can send a specially crafted HTTP request to the web interface, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVigor 1000B: before 4.3.2.8
Vigor 2962: before 4.3.2.8
Vigor 3910: before 4.3.2.8
Vigor 3912: before 4.3.6.1
Vigor 165: before 4.2.7
Vigor 166: before 4.2.7
Vigor 2135: before 4.4.5.1
Vigor 2763: before 4.4.5.1
Vigor 2765: before 4.4.5.1
Vigor 2766: before 4.4.5.1
Vigor 2865: before 4.4.5.3
Vigor 2866: before 4.4.5.3
Vigor 2915: before 4.4.5.3
Vigor 2620: before 3.9.8.9
Vigor LTE200: before 3.9.8.9
Vigor 2133: before 3.9.9
Vigor 2762: before 3.9.9
Vigor 2832: before 3.9.9
Vigor 2860: before 3.9.8
Vigor 2925: before 3.9.8
Vigor 2862: before 3.9.9.5
Vigor 2926: before 3.9.9.5
Vigor 2952: before 3.9.8.2
Vigor 3220: before 3.9.8.2
CPE2.3http://www.forescout.com/resources/draybreak-draytek-research/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU97976
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41588
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the WebUI when handling data passed to the "/cgi-bin/v2x00.cgi" and "/cgi-bin/cgiwcg.cgi" scripts. A remote privileged user can send a specially crafted HTTP request to the web interface, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVigor 1000B: before 4.3.2.8
Vigor 2962: before 4.3.2.8
Vigor 3910: before 4.3.2.8
Vigor 3912: before 4.3.6.1
Vigor 165: before 4.2.7
Vigor 166: before 4.2.7
Vigor 2135: before 4.4.5.1
Vigor 2763: before 4.4.5.1
Vigor 2765: before 4.4.5.1
Vigor 2766: before 4.4.5.1
Vigor 2865: before 4.4.5.3
Vigor 2866: before 4.4.5.3
Vigor 2915: before 4.4.5.3
Vigor 2620: before 3.9.8.9
Vigor LTE200: before 3.9.8.9
Vigor 2133: before 3.9.9
Vigor 2762: before 3.9.9
Vigor 2832: before 3.9.9
Vigor 2860: before 3.9.8
Vigor 2925: before 3.9.8
Vigor 2862: before 3.9.9.5
Vigor 2926: before 3.9.9.5
Vigor 2952: before 3.9.8.2
Vigor 3220: before 3.9.8.2
CPE2.3http://www.forescout.com/resources/draybreak-draytek-research/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU97980
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41596
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the WebUI. A remote privileged user can send a specially crafted HTTP request to the web interface, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVigor 1000B: before 4.3.2.8
Vigor 2962: before 4.3.2.8
Vigor 3910: before 4.3.2.8
Vigor 3912: before 4.3.6.1
Vigor 165: before 4.2.7
Vigor 166: before 4.2.7
Vigor 2135: before 4.4.5.1
Vigor 2763: before 4.4.5.1
Vigor 2765: before 4.4.5.1
Vigor 2766: before 4.4.5.1
Vigor 2865: before 4.4.5.3
Vigor 2866: before 4.4.5.3
Vigor 2915: before 4.4.5.3
Vigor 2620: before 3.9.8.9
Vigor LTE200: before 3.9.8.9
Vigor 2133: before 3.9.9
Vigor 2762: before 3.9.9
Vigor 2832: before 3.9.9
Vigor 2860: before 3.9.8
Vigor 2925: before 3.9.8
Vigor 2862: before 3.9.9.5
Vigor 2926: before 3.9.9.5
Vigor 2952: before 3.9.8.2
Vigor 3220: before 3.9.8.2
CPE2.3http://www.forescout.com/resources/draybreak-draytek-research/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Stored cross-site scripting
EUVDB-ID: #VU97966
Risk: Low
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41583
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when handling a custom router name. A remote user can execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVigor 1000B: before 4.3.2.8
Vigor 2962: before 4.3.2.8
Vigor 3910: before 4.3.2.8
Vigor 3912: before 4.3.6.1
Vigor 165: before 4.2.7
Vigor 166: before 4.2.7
Vigor 2135: before 4.4.5.1
Vigor 2763: before 4.4.5.1
Vigor 2765: before 4.4.5.1
Vigor 2766: before 4.4.5.1
Vigor 2865: before 4.4.5.3
Vigor 2866: before 4.4.5.3
Vigor 2915: before 4.4.5.3
Vigor 2620: before 3.9.8.9
Vigor LTE200: before 3.9.8.9
Vigor 2133: before 3.9.9
Vigor 2762: before 3.9.9
Vigor 2832: before 3.9.9
Vigor 2860: before 3.9.8
Vigor 2925: before 3.9.8
Vigor 2862: before 3.9.9.5
Vigor 2926: before 3.9.9.5
Vigor 2952: before 3.9.8.2
Vigor 3220: before 3.9.8.2
CPE2.3http://www.forescout.com/resources/draybreak-draytek-research/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU97978
Risk: Low
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41593
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the ft_payloads_dns() function within the WebUI. A remote privileged user can send a specially crafted HTTP request to the web interface, trigger memory corruption and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsVigor 1000B: before 4.3.2.8
Vigor 2962: before 4.3.2.8
Vigor 3910: before 4.3.2.8
Vigor 3912: before 4.3.6.1
Vigor 165: before 4.2.7
Vigor 166: before 4.2.7
Vigor 2135: before 4.4.5.1
Vigor 2763: before 4.4.5.1
Vigor 2765: before 4.4.5.1
Vigor 2766: before 4.4.5.1
Vigor 2865: before 4.4.5.3
Vigor 2866: before 4.4.5.3
Vigor 2915: before 4.4.5.3
Vigor 2620: before 3.9.8.9
Vigor LTE200: before 3.9.8.9
Vigor 2133: before 3.9.9
Vigor 2762: before 3.9.9
Vigor 2832: before 3.9.9
Vigor 2860: before 3.9.8
Vigor 2925: before 3.9.8
Vigor 2862: before 3.9.9.5
Vigor 2926: before 3.9.9.5
Vigor 2952: before 3.9.8.2
Vigor 3220: before 3.9.8.2
CPE2.3http://www.forescout.com/resources/draybreak-draytek-research/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) OS command injection
EUVDB-ID: #VU97986
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41585
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation within the recvCmd binary, used by the host OS for communicating with the guest OS. A malicious guest can pass specially crafted data to the binary and execute arbitrary OS commands on the host OS.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVigor 1000B: before 4.3.2.8
Vigor 2962: before 4.3.2.8
Vigor 3910: before 4.3.2.8
Vigor 3912: before 4.3.6.1
Vigor 165: before 4.2.7
Vigor 166: before 4.2.7
Vigor 2135: before 4.4.5.1
Vigor 2763: before 4.4.5.1
Vigor 2765: before 4.4.5.1
Vigor 2766: before 4.4.5.1
Vigor 2865: before 4.4.5.3
Vigor 2866: before 4.4.5.3
Vigor 2915: before 4.4.5.3
Vigor 2620: before 3.9.8.9
Vigor LTE200: before 3.9.8.9
Vigor 2133: before 3.9.9
Vigor 2762: before 3.9.9
Vigor 2832: before 3.9.9
Vigor 2860: before 3.9.8
Vigor 2925: before 3.9.8
Vigor 2862: before 3.9.9.5
Vigor 2926: before 3.9.9.5
Vigor 2952: before 3.9.8.2
Vigor 3220: before 3.9.8.2
CPE2.3http://www.forescout.com/resources/draybreak-draytek-research/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Buffer overflow
EUVDB-ID: #VU97975
Risk: Critical
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41592
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in GetCGI() function within the WebUI when handling HTTP query parameters. A remote attacker can send a specially crafted HTTP request to the web interface, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVigor 1000B: before 4.3.2.8
Vigor 2962: before 4.3.2.8
Vigor 3910: before 4.3.2.8
Vigor 3912: before 4.3.6.1
Vigor 165: before 4.2.7
Vigor 166: before 4.2.7
Vigor 2135: before 4.4.5.1
Vigor 2763: before 4.4.5.1
Vigor 2765: before 4.4.5.1
Vigor 2766: before 4.4.5.1
Vigor 2865: before 4.4.5.3
Vigor 2866: before 4.4.5.3
Vigor 2915: before 4.4.5.3
Vigor 2620: before 3.9.8.9
Vigor LTE200: before 3.9.8.9
Vigor 2133: before 3.9.9
Vigor 2762: before 3.9.9
Vigor 2832: before 3.9.9
Vigor 2860: before 3.9.8
Vigor 2925: before 3.9.8
Vigor 2862: before 3.9.9.5
Vigor 2926: before 3.9.9.5
Vigor 2952: before 3.9.8.2
Vigor 3220: before 3.9.8.2
CPE2.3http://www.forescout.com/resources/draybreak-draytek-research/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Reflected cross-site scripting
EUVDB-ID: #VU97969
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41584
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data passed via the "sFormAuthSr" parameter to wlogin.cgi. A remote attacker can trick the victim into clicking on a specially crafted line and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVigor 1000B: before 4.3.2.8
Vigor 2962: before 4.3.2.8
Vigor 3910: before 4.3.2.8
Vigor 3912: before 4.3.6.1
Vigor 165: before 4.2.7
Vigor 166: before 4.2.7
Vigor 2135: before 4.4.5.1
Vigor 2763: before 4.4.5.1
Vigor 2765: before 4.4.5.1
Vigor 2766: before 4.4.5.1
Vigor 2865: before 4.4.5.3
Vigor 2866: before 4.4.5.3
Vigor 2915: before 4.4.5.3
Vigor 2620: before 3.9.8.9
Vigor LTE200: before 3.9.8.9
Vigor 2133: before 3.9.9
Vigor 2762: before 3.9.9
Vigor 2832: before 3.9.9
Vigor 2860: before 3.9.8
Vigor 2925: before 3.9.8
Vigor 2862: before 3.9.9.5
Vigor 2926: before 3.9.9.5
Vigor 2952: before 3.9.8.2
Vigor 3220: before 3.9.8.2
CPE2.3http://www.forescout.com/resources/draybreak-draytek-research/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Reflected cross-site scripting
EUVDB-ID: #VU97968
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41591
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data passed via the "content" query string parameter to doc/hslogp1_link.htm. A remote attacker can trick the victim into clicking on a specially crafted line and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVigor 1000B: before 4.3.2.8
Vigor 2962: before 4.3.2.8
Vigor 3910: before 4.3.2.8
Vigor 3912: before 4.3.6.1
Vigor 165: before 4.2.7
Vigor 166: before 4.2.7
Vigor 2135: before 4.4.5.1
Vigor 2763: before 4.4.5.1
Vigor 2765: before 4.4.5.1
Vigor 2766: before 4.4.5.1
Vigor 2865: before 4.4.5.3
Vigor 2866: before 4.4.5.3
Vigor 2915: before 4.4.5.3
Vigor 2620: before 3.9.8.9
Vigor LTE200: before 3.9.8.9
Vigor 2133: before 3.9.9
Vigor 2762: before 3.9.9
Vigor 2832: before 3.9.9
Vigor 2860: before 3.9.8
Vigor 2925: before 3.9.8
Vigor 2862: before 3.9.9.5
Vigor 2926: before 3.9.9.5
Vigor 2952: before 3.9.8.2
Vigor 3220: before 3.9.8.2
CPE2.3http://www.forescout.com/resources/draybreak-draytek-research/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Stored cross-site scripting
EUVDB-ID: #VU97967
Risk: Low
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41587
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when handling a custom greeting message. A remote user can execute arbitrary HTML and script code in user's browser in context of vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVigor 1000B: before 4.3.2.8
Vigor 2962: before 4.3.2.8
Vigor 3910: before 4.3.2.8
Vigor 3912: before 4.3.6.1
Vigor 165: before 4.2.7
Vigor 166: before 4.2.7
Vigor 2135: before 4.4.5.1
Vigor 2763: before 4.4.5.1
Vigor 2765: before 4.4.5.1
Vigor 2766: before 4.4.5.1
Vigor 2865: before 4.4.5.3
Vigor 2866: before 4.4.5.3
Vigor 2915: before 4.4.5.3
Vigor 2620: before 3.9.8.9
Vigor LTE200: before 3.9.8.9
Vigor 2133: before 3.9.9
Vigor 2762: before 3.9.9
Vigor 2832: before 3.9.9
Vigor 2860: before 3.9.8
Vigor 2925: before 3.9.8
Vigor 2862: before 3.9.9.5
Vigor 2926: before 3.9.9.5
Vigor 2952: before 3.9.8.2
Vigor 3220: before 3.9.8.2
CPE2.3http://www.forescout.com/resources/draybreak-draytek-research/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
