CVE-2022-32548
published 2022-08-29CVE-2022-32548: An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via…
PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
33.79%
98.2th percentile
An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.
Affected
68 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| draytek | vigor1000b_firmware | < 4.3.1.1 | 4.3.1.1 |
| draytek | vigor165_firmware | < 4.2.4 | 4.2.4 |
| draytek | vigor166_firmware | < 4.2.4 | 4.2.4 |
| draytek | vigor2133_firmware | < 3.9.6.4 | 3.9.6.4 |
| draytek | vigor2133ac_firmware | < 3.9.6.4 | 3.9.6.4 |
| draytek | vigor2133fvac_firmware | < 3.9.6.4 | 3.9.6.4 |
| draytek | vigor2133n_firmware | < 3.9.6.4 | 3.9.6.4 |
| draytek | vigor2133vac_firmware | < 3.9.6.4 | 3.9.6.4 |
| draytek | vigor2135_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2135ac_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2135fvac_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2135vac_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2620l_firmware | < 3.9.8.1 | 3.9.8.1 |
| draytek | vigor2620ln_firmware | < 3.9.8.1 | 3.9.8.1 |
| draytek | vigor2762_firmware | < 3.9.6.4 | 3.9.6.4 |
| draytek | vigor2762ac_firmware | < 3.9.6.4 | 3.9.6.4 |
| draytek | vigor2762n_firmware | < 3.9.6.4 | 3.9.6.4 |
| draytek | vigor2762vac_firmware | < 3.9.6.4 | 3.9.6.4 |
| draytek | vigor2765_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2765ac_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2765vac_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2766_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2766ac_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2766vac_firmware | < 4.4.2 | 4.4.2 |
| draytek | vigor2832_firmware | < 3.9.6 | 3.9.6 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
https://www.securityweek.com/smbs-exposed-attacks-critical-vulnerability-draytek-vigor-routershttps://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.htmlhttps://www.securityweek.com/smbs-exposed-attacks-critical-vulnerability-draytek-vigor-routershttps://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html
2022-08-29
Published