Critical RCE vulnerability affects 29 DrayTek router models
Notably, the affected products are all from the Vigor line.
The vulnerability is tracked as CVE-2022-32548 and carries a CVSS v3 base score of 10.0, the maximum on the scale. For that reason CVE-2022-32548 is considered extremely dangerous and requires immediate patching and mitigation.
To exploit CVE-2022-32548 an attacker needs neither credentials nor any interaction from the victim. In the default configuration of the device the attack can be carried out from the internet as well as from the LAN.
An attacker who successfully exploits CVE-2022-32548 can:
- Take full control of the device.
- Use the router as a foothold for man-in-the-middle attacks on traffic passing through it.
- Change DNS settings.
- Enlist the router as a bot for DDoS attacks or cryptocurrency mining.
Widespread impact
DrayTek Vigor devices became very popular during the pandemic with the wave of working from home: they are reasonably priced products that give VPN access to SME networks.
A quick Shodan search turns up over 700,000 DrayTek Vigor devices connected to the internet. Most of them are located in the UK, Vietnam, the Netherlands and Australia.
Trellix set out to evaluate the security of one of DrayTek's top router models. The result was a buffer overflow in the login page of the web management interface.
By submitting a specially crafted pair of credentials, base64-encoded, in the login fields, an attacker can trigger the overflow and take control of the device's operating system.
The researchers found that at least 200,000 of the routers discovered on Shodan expose the vulnerable service to the internet and can therefore be exploited without user interaction or any other special prerequisite.
Of the remaining 500,000, many are exploitable through one-click attacks, but only from the LAN, so the attack surface is smaller.
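The bug class described above, shown here as an added illustration that is not DrayTek's firmware code and does not reproduce the actual exploit: a base64-encoded login field decoded into a fixed-size buffer without comparing the decoded length against the buffer, beside a hardened decoder that rejects any field that cannot fit. `LOGIN_FIELD_MAX`, the function names and the two sample login fields are assumptions made for this example; the real buffer size and form field names are not given on the page.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed field size for the example; the real firmware's buffer size is not on the page. */
#define LOGIN_FIELD_MAX 32

/* Constructed sample inputs: a normal credential ("admin") and an
 * oversized field of 96 base64 characters, which decodes to 72 bytes. */
const char NORMAL_FIELD[] = "YWRtaW4=";
const char OVERSIZED_FIELD[] =
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

/* Map one base64 alphabet character to its 6-bit value, or -1 if invalid. */
static int b64_val(char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Shared decoder core. When `bounded` is non-zero, never writes more than
 * `cap` bytes and fails instead; when zero, writes every decoded byte.
 * Returns the decoded length, or (size_t)-1 on invalid input / overflow. */
static size_t b64_decode(const char *b64, unsigned char *out, size_t cap, int bounded)
{
    size_t n = 0;
    uint32_t acc = 0;
    int bits = 0;
    for (const char *p = b64; *p && *p != '='; p++) {
        int v = b64_val(*p);
        if (v < 0) return (size_t)-1;
        acc = (acc << 6) | (uint32_t)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (bounded && n >= cap) return (size_t)-1;
            out[n++] = (unsigned char)((acc >> bits) & 0xFF);
            acc &= (1u << bits) - 1;   /* keep only the leftover bits */
        }
    }
    return n;
}

/* The vulnerable pattern: the decoded length is never compared with the
 * destination size, so a field longer than about 4/3 * LOGIN_FIELD_MAX
 * characters runs past the end of `dst`. Caller supplies the buffer. */
size_t vulnerable_decode(const char *field, unsigned char *dst)
{
    return b64_decode(field, dst, 0, 0);
}

/* Measure, without corrupting memory, how many bytes an unbounded decode
 * of `field` would spill past a LOGIN_FIELD_MAX-byte buffer (0 if it fits).
 * A large scratch buffer stands in for the fixed-size field. */
size_t overflow_bytes(const char *field)
{
    unsigned char scratch[4096];
    if (strlen(field) > sizeof scratch) return (size_t)-1; /* decoded <= 3/4 of input */
    size_t n = vulnerable_decode(field, scratch);
    if (n == (size_t)-1) return 0;
    return n > LOGIN_FIELD_MAX ? n - LOGIN_FIELD_MAX : 0;
}

/* Hardened form: reject the field before decoding if it cannot possibly
 * fit, and bound every write during decoding. Returns 0 on success. */
int safe_decode(const char *field, unsigned char *dst, size_t cap, size_t *outlen)
{
    size_t len = strlen(field);
    if ((len * 3) / 4 > cap) return -1;        /* 4 chars yield at most 3 bytes */
    size_t n = b64_decode(field, dst, cap, 1);
    if (n == (size_t)-1) return -1;
    *outlen = n;
    return 0;
}

int main(void)
{
    unsigned char buf[LOGIN_FIELD_MAX];
    size_t n = 0;
    printf("unbounded decode of oversized field spills %zu bytes\n",
           overflow_bytes(OVERSIZED_FIELD));
    printf("safe_decode(normal)    -> %d\n", safe_decode(NORMAL_FIELD, buf, sizeof buf, &n));
    printf("safe_decode(oversized) -> %d\n", safe_decode(OVERSIZED_FIELD, buf, sizeof buf, &n));
    return 0;
}
```

The point of the pair is that the fix is a length check before and during the copy, not input sanitisation of the alphabet: `overflow_bytes` reports the 40 bytes the unbounded decoder would write past the assumed 32-byte field, while `safe_decode` refuses the same input before touching the buffer.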
The list of affected devices includes:
- Vigor3910
- Vigor1000B
- Vigor2962 Series
- Vigor2927 Series
- Vigor2927 LTE Series
- Vigor2915 Series
- Vigor2952 / 2952P
- Vigor3220 Series
- Vigor2926 Series
- Vigor2926 LTE Series
- Vigor2862 Series
- Vigor2862 LTE Series
- Vigor2620 LTE Series
- VigorLTE 200n
- Vigor2133 Series
- Vigor2762 Series
- Vigor167
- Vigor130
- VigorNIC 132
- Vigor165
- Vigor166
- Vigor2135 Series
- Vigor2765 Series
- Vigor2766 Series
- Vigor2832
- Vigor2865 Series
- Vigor2865 LTE Series
- Vigor2866 Series
- Vigor2866 LTE Series
DrayTek quickly released security updates for the devices above. If you are running one of the models listed, download the latest firmware for it and install it to patch the vulnerability. Since the attack works against the web management interface, also check whether that interface is reachable from the WAN and restrict it to the LAN (or to a VPN) unless remote management is genuinely required.