Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-32548 |
CWE-ID | CWE-119 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Hardware solutions / Routers for home users: Vigor 3910, Vigor 1000B, Vigor 2962, Vigor 2927, Vigor 2915, Vigor 2952P, Vigor 2620, Vigor 200n, Vigor 167, Vigor 165, Vigor 166, Vigor 2135, Vigor 2765, Vigor 2766, Vigor 2865, Vigor 2866 |
Hardware solutions / Routers & switches, VoIP, GSM, etc: Vigor 2952, Vigor 3220, Vigor 2926, Vigor 2862, Vigor 2133, Vigor 2762, Vigor 130, VigorNIC 132 |
Hardware solutions / Security hardware appliances: Vigor 2832 |
Vendor | DrayTek Corp. |
Security Bulletin
This security bulletin contains one high-risk vulnerability.
EUVDB-ID: #VU66126
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-32548
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target device.
The vulnerability exists due to a boundary error in the "/cgi-bin/wlogin.cgi" login page script within the web management interface. A remote attacker can send a specially crafted base64-encoded payload via an HTTP POST request to the affected script, trigger memory corruption and execute arbitrary code on the device.
Install updates from the vendor's website. As a temporary solution, disable access to the web management interface.
Vigor 3910: All versions
Vigor 1000B: All versions
Vigor 2962: All versions
Vigor 2927: All versions
Vigor 2915: All versions
Vigor 2952: All versions
Vigor 2952P: All versions
Vigor 3220: All versions
Vigor 2926: All versions
Vigor 2862: All versions
Vigor 2620: All versions
Vigor 200n: All versions
Vigor 2133: All versions
Vigor 2762: All versions
Vigor 167: All versions
Vigor 130: All versions
VigorNIC 132: All versions
Vigor 165: All versions
Vigor 166: All versions
Vigor 2135: All versions
Vigor 2765: All versions
Vigor 2766: All versions
Vigor 2832: All versions
Vigor 2865: All versions
Vigor 2866: All versions
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.