CVE-2024-41594

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor310 versions through 4.3.2.6

Description: The issue is related to insufficiently robust encryption of data, which may allow a remote attacker to disclose protected information and perform a man-in-the-middle (MITM) attack. Specifically, the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL, allowing an attacker to obtain sensitive information.

Recommendations: For DrayTek Vigor310 versions through 4.3.2.6, consider disabling the httpd server of the Vigor management UI until a patch is available to prevent exploitation. Restrict access to the Vigor management UI to minimize the risk of sensitive information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.