CVE-2022-32548
published 2022-08-29

Priority: P266
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 33.79% (98.2th percentile)

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.

Affected

68 ranges, showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| draytek | vigor1000b_firmware | < 4.3.1.1 | 4.3.1.1 |
| draytek | vigor165_firmware | < 4.2.4 | 4.2.4 |
| draytek | vigor166_firmware | < 4.2.4 | 4.2.4 |
| draytek | vigor2133_firmware | < 3.9.6.4 | 3.9.6.4 |
| draytek | vigor2133ac_firmware | < 3.9.6.4 | 3.9.6.4 |
| draytek | vigor2133fvac_firmware | < 3.9.6.4 | 3.9.6.4 |
| draytek | vigor2133n_firmware | < 3.9.6.4 | 3.9.6.4 |
| draytek | vigor2133vac_firmware | < 3.9.6.4 | 3.9.6.4 |
| draytek | vigor2135_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2135ac_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2135fvac_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2135vac_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2620l_firmware | < 3.9.8.1 | 3.9.8.1 |
| draytek | vigor2620ln_firmware | < 3.9.8.1 | 3.9.8.1 |
| draytek | vigor2762_firmware | < 3.9.6.4 | 3.9.6.4 |
| draytek | vigor2762ac_firmware | < 3.9.6.4 | 3.9.6.4 |
| draytek | vigor2762n_firmware | < 3.9.6.4 | 3.9.6.4 |
| draytek | vigor2762vac_firmware | < 3.9.6.4 | 3.9.6.4 |
| draytek | vigor2765_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2765ac_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2765vac_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2766_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2766ac_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2766vac_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2832_firmware | < 3.9.6 | 3.9.6 |