VYPR
Medium severity4.7NVD Advisory· Published Oct 3, 2024· Updated Jun 17, 2026

CVE-2024-41584

CVE-2024-41584

Description

DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter.

Affected products

2
  • Draytek/Vigor3910cpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <=4.3.2.6

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.