Описание
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.
Затрагиваемое ПО
Draytek Vigor2620 firmwareDraytek Vigor2620Draytek Vigor2915 firmwareDraytek Vigor2915Draytek Vigor2866 firmwareDraytek Vigor2866Draytek Vigor2766 firmwareDraytek Vigor2766Draytek Vigor2865 firmwareDraytek Vigor2865Draytek Vigor2765 firmwareDraytek Vigor2765Draytek Vigor2763 firmwareDraytek Vigor2763Draytek Vigor2135 firmwareDraytek Vigor2135Draytek Vigor166 firmwareDraytek Vigor166Draytek Vigor1000b firmwareDraytek Vigor1000bDraytek Vigor165 firmwareDraytek Vigor165Draytek Vigor3910 firmwareDraytek Vigor3910Draytek Vigor2962 firmware
CVSS
| Балл | 7.5 — высокая |
| Вектор | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Источники
https://www.forescout.com/resources/draybreak-draytek-research/https://www.forescout.com/resources/draytek14-vulnerabilities