CVE-2024-41589

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 3, 2024

Updated: Oct 4, 2024

CWE ID 287

Summary

CVE-2024-41589 is a newly disclosed vulnerability affecting DrayTek Vigor310 devices up to version 4.3.2.6. This issue arises due to the use of unencrypted HTTP for authentication requests, making it susceptible to eavesdropping and potential man-in-the-middle attacks. An attacker can intercept and read sensitive information, such as passwords and credentials, during transmission. Users of these devices are encouraged to update to the latest available firmware, which should address this vulnerability, or consider implementing additional security measures like a VPN to secure their communications.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xFQ5OP
https://www.cve.org/CVERecord?id=CVE-2024-41589
https://nvd.nist.gov/vuln/detail/CVE-2024-41589

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-41589

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations