Remote code execution in DrayTek Vigor routers



Risk: High
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2022-32548
CWE-ID: CWE-119
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Vigor 3910
Hardware solutions / Routers for home users

Vigor 1000B
Hardware solutions / Routers for home users

Vigor 2962
Hardware solutions / Routers for home users

Vigor 2927
Hardware solutions / Routers for home users

Vigor 2915
Hardware solutions / Routers for home users

Vigor 2952P
Hardware solutions / Routers for home users

Vigor 2620
Hardware solutions / Routers for home users

Vigor 200n
Hardware solutions / Routers for home users

Vigor 167
Hardware solutions / Routers for home users

Vigor 165
Hardware solutions / Routers for home users

Vigor 166
Hardware solutions / Routers for home users

Vigor 2135
Hardware solutions / Routers for home users

Vigor 2765
Hardware solutions / Routers for home users

Vigor 2766
Hardware solutions / Routers for home users

Vigor 2865
Hardware solutions / Routers for home users

Vigor 2866
Hardware solutions / Routers for home users

Vigor 2952
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vigor 3220
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vigor 2926
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vigor 2862
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vigor 2133
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vigor 2762
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vigor 130
Hardware solutions / Routers & switches, VoIP, GSM, etc

VigorNIC 132
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vigor 2832
Hardware solutions / Security hardware appliances

Vendor DrayTek Corp.

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU66126

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-32548

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target device.

The vulnerability exists due to a boundary error in the login page script "/cgi-bin/wlogin.cgi" within the web management interface. A remote attacker can send a specially crafted base64-encoded payload in an HTTP POST request to the affected script, trigger memory corruption and execute arbitrary code on the device.
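The boundary error described above is a base64 payload decoded into a fixed-size buffer without checking that it fits. The following is added example code, not DrayTek's firmware and not a claim about how wlogin.cgi is actually implemented: a decoder that computes the exact decoded size from the input length and rejects anything that would exceed its output buffer, which is the check a CWE-119 decoder omits. ALPHA, b64_value, b64_decode and handle_login_field are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

static const char ALPHA[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/* 6-bit value of one base64 character, or -1 if it is not base64. */
static int b64_value(char c)
{
    const char *p = c ? strchr(ALPHA, c) : NULL;
    return p ? (int)(p - ALPHA) : -1;
}

/* Decode base64 into out, never writing more than out_cap bytes. Returns
 * the decoded length, or -1 if the input is malformed or would not fit.
 * The size check before the write loop is the step a CWE-119 decoder omits. */
long b64_decode(const char *in, unsigned char *out, size_t out_cap)
{
    size_t in_len = strlen(in), pad = 0, o = 0;
    if (in_len % 4 != 0) return -1;             /* base64 comes in 4-char groups */
    if (in_len >= 2 && in[in_len - 1] == '=')
        pad = (in[in_len - 2] == '=') ? 2 : 1;
    size_t need = in_len / 4 * 3 - pad;         /* exact decoded size */
    if (need > out_cap) return -1;              /* reject rather than overflow */
    for (size_t i = 0; i < in_len; i += 4) {
        unsigned long v[4];
        for (int k = 0; k < 4; k++) {
            if (in[i + k] == '=') {             /* '=' only as trailing padding */
                if (i + 4 != in_len || k < 4 - (int)pad) return -1;
                v[k] = 0;
            } else {
                int x = b64_value(in[i + k]);
                if (x < 0) return -1;
                v[k] = (unsigned long)x;
            }
        }
        unsigned long w = (v[0] << 18) | (v[1] << 12) | (v[2] << 6) | v[3];
        out[o++] = (unsigned char)(w >> 16);
        if (o < need) out[o++] = (unsigned char)(w >> 8);
        if (o < need) out[o++] = (unsigned char)w;
    }
    return (long)o;
}

/* Hypothetical handler for one POSTed login field (not DrayTek's code): the
 * 64-byte stack buffer is written only after b64_decode confirmed the fit. */
int handle_login_field(const char *b64_field)
{
    unsigned char field[64];
    return b64_decode(b64_field, field, sizeof field) >= 0;   /* 1 = accepted */
}
```

An unchecked decoder would instead write all 75 bytes of a 100-character payload into the 64-byte buffer; here the oversized field is refused before any byte is written.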


Mitigation

Install updates from the vendor's website. As a temporary workaround, disable access to the web management interface.

Vulnerable software versions

Vigor 3910: All versions

Vigor 1000B: All versions

Vigor 2962: All versions

Vigor 2927: All versions

Vigor 2915: All versions

Vigor 2952: All versions

Vigor 2952P: All versions

Vigor 3220: All versions

Vigor 2926: All versions

Vigor 2862: All versions

Vigor 2620: All versions

Vigor 200n: All versions

Vigor 2133: All versions

Vigor 2762: All versions

Vigor 167: All versions

Vigor 130: All versions

VigorNIC 132: All versions

Vigor 165: All versions

Vigor 166: All versions

Vigor 2135: All versions

Vigor 2765: All versions

Vigor 2766: All versions

Vigor 2832: All versions

Vigor 2865: All versions

Vigor 2866: All versions

External links

https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.