Critical RCE Vulnerability Threatens Nearly 30 DrayTek Router Models

Last updated: 2022/08/05 at 11:54 PM
Security Parrot Editorial Team Published August 5, 2022

Hundreds of thousands of DrayTek Vigor routers are at risk due to a new RCE vulnerability discovered by Trellix researchers. The bug affects almost 30 models of the manufacturer’s routers, which are used by small and medium-sized businesses.

The vulnerability is tracked as CVE-2022-32548 and received the maximum severity rating on the CVSS scale: 10 out of 10. The problem was initially found in Vigor 3910 routers, but it soon became clear that it affects other models that use the same codebase.

The researchers decided to look for bugs in DrayTek products because of their popularity: since the widespread transition to remote work, they have been widely adopted by small and medium-sized businesses, and a Shodan search reveals more than 700,000 devices, most of which are located in the UK, Vietnam, the Netherlands and Australia.

An attacker does not need to know the credentials or interact with the user to exploit this vulnerability: in the device's default configuration, the attack is possible both over the Internet and from the local network. The root of the problem is a buffer overflow on the login page of the web management interface.

Hackers exploiting this vulnerability are potentially able to:

  • take full control of the device;
  • access information;
  • set the stage for man-in-the-middle stealth attacks;
  • change DNS settings;
  • use the router as a DDoS bot and for mining operations;
  • navigate to other devices connected to the hacked network.

At the same time, the attack is extremely simple and requires no serious preparation or effort. It is enough to enter a specially crafted pair of credentials (in the form of base64-encoded strings) into the login fields to trigger the vulnerability.
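The defensive pattern for this bug class, as an added example that is not DrayTek firmware code or Trellix's analysis: a base64 login field is decoded only after its decoded length has been checked against the destination buffer. The names `decode_field` and `FIELD_MAX` and the 64-byte size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64  /* hypothetical login-field buffer size, not DrayTek's */

static int b64_val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Decode base64 text `in` into `out` (capacity `cap`, NUL included).
 * Returns the decoded length, or -1 when the input is malformed or the
 * decoded value would not fit. The length check runs before any write. */
long decode_field(const char *in, char *out, size_t cap) {
    size_t n = strlen(in), pad = 0, o = 0;
    if (n % 4 != 0) return -1;
    if (n && in[n - 1] == '=') pad = (in[n - 2] == '=') ? 2 : 1;
    size_t need = n / 4 * 3 - pad;
    if (need >= cap) return -1;              /* keep one byte for the NUL */
    for (size_t i = 0; i < n; i += 4) {
        unsigned long v = 0;
        for (size_t k = 0; k < 4; k++) {
            unsigned char c = (unsigned char)in[i + k];
            int d = b64_val(c);
            /* '=' is only legal in the trailing pad positions */
            if (c == '=' && i + k >= n - pad) d = 0;
            if (d < 0) return -1;
            v = (v << 6) | (unsigned long)d;
        }
        for (int s = 16; s >= 0 && o < need; s -= 8)
            out[o++] = (char)((v >> s) & 0xFF);
    }
    out[o] = '\0';
    return (long)o;
}

int main(void) {
    char user[FIELD_MAX], big[4 * FIELD_MAX + 1];
    memset(big, 'A', sizeof big - 1);        /* constructed oversized input */
    big[sizeof big - 1] = '\0';
    printf("normal: %ld\n", decode_field("YWRtaW4=", user, sizeof user));
    printf("oversized: %ld\n", decode_field(big, user, sizeof user));
    return 0;
}
```

An oversized or malformed field is rejected with -1 and the destination buffer is left untouched, so the login handler can fail the request instead of copying attacker-controlled length into fixed storage.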

The researchers say that at least 200,000 of the routers they discovered expose the vulnerable service to the Internet, which means they can be attacked without user interaction or any other special conditions. It is believed that many of the remaining 500,000 routers can also be hacked literally in one click, but only from the local network, so the potential surface for such attacks is much smaller.

Trellix experts write that the following models are vulnerable to CVE-2022-32548:

  • Vigor3910
  • Vigor1000B
  • Vigor2962 Series
  • Vigor2927 Series
  • Vigor2927 LTE Series
  • Vigor2915 Series
  • Vigor2952/2952P
  • Vigor3220 Series
  • Vigor2926 Series
  • Vigor2926 LTE Series
  • Vigor2862 Series
  • Vigor2862 LTE Series
  • Vigor2620 LTE Series
  • VigorLTE 200n
  • Vigor2133 Series
  • Vigor2762 Series
  • Vigor167
  • Vigor130
  • VigorNIC 132
  • Vigor165
  • Vigor166
  • Vigor2135 Series
  • Vigor2765 Series
  • Vigor2766 Series
  • Vigor2832
  • Vigor2865 Series
  • Vigor2865 LTE Series
  • Vigor2866 Series
  • Vigor2866 LTE Series

Fortunately, DrayTek developers have already released updates for all the routers mentioned above, so all users are strongly advised to update the firmware of their devices as soon as possible.
