Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-41594

Oct. 8, 2024, 3:31 p.m.

Tags

cve@mitre.org
CWE-326
2024-10-03
CVE-2024-41594

CVSS Score

7.5 / 10

Products Impacted

Vendor Product Versions
draytek
  • vigor2620_firmware
  • vigor2620
  • vigor2915_firmware
  • vigor2915
  • vigor2866_firmware
  • vigor2866
  • vigor2766_firmware
  • vigor2766
  • vigor2865_firmware
  • vigor2865
  • vigor2765_firmware
  • vigor2765
  • vigor2763_firmware
  • vigor2763
  • vigor2135_firmware
  • vigor2135
  • vigor166_firmware
  • vigor166
  • vigor1000b_firmware
  • vigor1000b
  • vigor165_firmware
  • vigor165
  • vigor3910_firmware
  • vigor3910
  • vigor2962_firmware
  • vigor2962
  • vigor3912_firmware
  • vigor3912
  • vigorlte200_firmware
  • vigorlte200
  • vigor2133_firmware
  • vigor2133
  • vigor2762_firmware
  • vigor2762
  • vigor2832_firmware
  • vigor2832
  • vigor2860_firmware
  • vigor2860
  • vigor2862_firmware
  • vigor2862
  • vigor2925_firmware
  • vigor2925
  • vigor2926_firmware
  • vigor2926
  • vigor2952_firmware
  • vigor2952
  • vigor3220_firmware
  • vigor3220
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -

Description

An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.

Weaknesses

CWE-326
Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

CWE ID: 326

Date

Published: Oct. 3, 2024, 7:15 p.m.

Last Modified: Oct. 8, 2024, 3:31 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

CPEs

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o draytek vigor2620_firmware / / / / / / / /
h draytek vigor2620 - / / / / / / /
o draytek vigor2915_firmware / / / / / / / /
h draytek vigor2915 - / / / / / / /
o draytek vigor2866_firmware / / / / / / / /
h draytek vigor2866 - / / / / / / /
o draytek vigor2766_firmware / / / / / / / /
h draytek vigor2766 - / / / / / / /
o draytek vigor2865_firmware / / / / / / / /
h draytek vigor2865 - / / / / / / /
o draytek vigor2765_firmware / / / / / / / /
h draytek vigor2765 - / / / / / / /
o draytek vigor2763_firmware / / / / / / / /
h draytek vigor2763 - / / / / / / /
o draytek vigor2135_firmware / / / / / / / /
h draytek vigor2135 - / / / / / / /
o draytek vigor166_firmware / / / / / / / /
h draytek vigor166 - / / / / / / /
o draytek vigor1000b_firmware / / / / / / / /
o draytek vigor1000b_firmware / / / / / / / /
h draytek vigor1000b - / / / / / / /
o draytek vigor165_firmware / / / / / / / /
h draytek vigor165 - / / / / / / /
o draytek vigor3910_firmware / / / / / / / /
o draytek vigor3910_firmware / / / / / / / /
h draytek vigor3910 - / / / / / / /
o draytek vigor2962_firmware / / / / / / / /
o draytek vigor2962_firmware / / / / / / / /
h draytek vigor2962 - / / / / / / /
o draytek vigor3912_firmware / / / / / / / /
h draytek vigor3912 - / / / / / / /
o draytek vigorlte200_firmware / / / / / / / /
h draytek vigorlte200 - / / / / / / /
o draytek vigor2133_firmware / / / / / / / /
h draytek vigor2133 - / / / / / / /
o draytek vigor2762_firmware / / / / / / / /
h draytek vigor2762 - / / / / / / /
o draytek vigor2832_firmware / / / / / / / /
h draytek vigor2832 - / / / / / / /
o draytek vigor2860_firmware / / / / / / / /
h draytek vigor2860 - / / / / / / /
o draytek vigor2862_firmware / / / / / / / /
h draytek vigor2862 - / / / / / / /
o draytek vigor2925_firmware / / / / / / / /
h draytek vigor2925 - / / / / / / /
o draytek vigor2926_firmware / / / / / / / /
h draytek vigor2926 - / / / / / / /
o draytek vigor2952_firmware / / / / / / / /
h draytek vigor2952 - / / / / / / /
o draytek vigor3220_firmware / / / / / / / /
h draytek vigor3220 - / / / / / / /

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score
7.5
Exploitability Score
3.9
Impact Score
3.6
Base Severity
HIGH
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

https://www.forescout.com/ cve@mitre.org
https://www.forescout.com/ cve@mitre.org