7.5
CVE-2024-41594
- EPSS 0.27%
- Published 03.10.2024 19:15:04
- Last modified 19.03.2025 16:15:26
- Source cve@mitre.org
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.
Data provided by the National Vulnerability Database (NVD)
Draytek ≫ Vigor2915 Firmware Version < 4.4.5.3
Draytek ≫ Vigor2866 Firmware Version < 4.4.5.2
Draytek ≫ Vigor2766 Firmware Version < 4.4.5.3
Draytek ≫ Vigor2865 Firmware Version < 4.4.5.2
Draytek ≫ Vigor2765 Firmware Version < 4.4.5.3
Draytek ≫ Vigor2763 Firmware Version < 4.4.5.3
Draytek ≫ Vigor2135 Firmware Version < 4.4.5.3
Draytek ≫ Vigor166 Firmware Version < 4.2.7
Draytek ≫ Vigor1000b Firmware Version < 4.3.2.8
Draytek ≫ Vigor1000b Firmware Version >= 4.4.0.0 < 4.4.3.1
Draytek ≫ Vigor165 Firmware Version < 4.2.7
Draytek ≫ Vigor3910 Firmware Version < 4.3.2.8
Draytek ≫ Vigor3910 Firmware Version >= 4.4.0.0 < 4.4.3.1
Draytek ≫ Vigor2962 Firmware Version < 4.3.2.8
Draytek ≫ Vigor2962 Firmware Version >= 4.4.0.0 < 4.4.3.1
Draytek ≫ Vigor3912 Firmware Version < 4.3.6.1
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.18 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
https://www.forescout.com/resources/draybreak-draytek-research/
https://www.forescout.com/resources/draytek14-vulnerabilities