Skip to content

Critical RCE in DrayTek Routers (CVE-2022-32548)

We would like to bring your attention to the following critical remote code execution vulnerability we have recently become aware of which affects the following DrayTek products:

  • Vigor3910 < 4.3.1.1

  • Vigor1000B < 4.3.1.1

  • Vigor2962 Series < 4.3.1.1

  • Vigor2927 Series < 4.4.0

  • Vigor2927 LTE Series < 4.4.0

  • Vigor2915 Series < 4.3.3.2

  • Vigor2952 / 2952P < 3.9.7.2

  • Vigor3220 Series < 3.9.7.2

  • Vigor2926 Series < 3.9.8.1

  • Vigor2926 LTE Series < 3.9.8.1

  • Vigor2862 Series < 3.9.8.1

  • Vigor2862 LTE Series < 3.9.8.1

  • Vigor2620 LTE Series < 3.9.8.1

  • VigorLTE 200n < 3.9.8.1

  • Vigor2133 Series < 3.9.6.4

  • Vigor2762 Series < 3.9.6.4

  • Vigor167 < 5.1.1

  • Vigor130 < 3.8.5

  • VigorNIC 132 < 3.8.5

  • Vigor165 < 4.2.4

  • Vigor166 < 4.2.4

  • Vigor2135 Series < 4.4.2

  • Vigor2765 Series < 4.4.2

  • Vigor2766 Series < 4.4.2

  • Vigor2832 < 3.9.6

  • Vigor2865 Series < 4.4.0

  • Vigor2865 LTE Series < 4.4.0

  • Vigor2866 Series < 4.4.0

  • Vigor2866 LTE Series < 4.4.0

The vulnerability allows remote unauthenticated attackers to execute commands on the affected routers via a buffer overflow flaw in the web management interface. This attack can result in a takeover of the operating system on the device which can then lead to a compromise of any internal infrastructure this router is connected to.

Although there are currently no known exploits available publicly, DrayTek are recommending applying the latest firmware patch to secure against potential threats related to this issue.

We are monitoring the situation, please reach out if you have any concerns or queries about this announcement.

References:

https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html

https://thehackernews.com/2022/08/critical-rce-bug-could-let-hackers.html

Silhouettes of a team standing together in low light, representing collaboration within a Security Operations Center.

SOC Testing: Turning Your Security Operations Centre into a Continuous Learning Engine

SOC testing isn’t just about finding vulnerabilities. It’s about building collaboration, sharpening human judgment, and turning your SOC into a continuous learning engine.
Wooden garden shed where CovertSwarm founder Anders Reeves conceived the idea for continuous penetration testing during COVID-19 lockdown

Why I founded CovertSwarm after annual pen tests failed me

Almost every business I worked for got breached. Our teams did the same thing each time: an occasional pen test, a thick report full of findings,…
Black and white surveillance perspective view of people at a table through a car window, symbolizing covert observation and offensive security reconnaissance

When a former UK Government cyber operations chief says AI is “limitless” in Offensive Security, we should pay attention

Jim Clover says AI has made offensive cyber “limitless.” Attackers are using it now. The horse has already bolted. And if your red team isn’t keeping…