Critical Vulnerability in 29 Models of DrayTek Routers


The research team at Trellix Threat Labs has discovered a critical unauthenticated remote code execution vulnerability impacting 29 models of the DrayTek Vigor series of business routers. The vulnerability, tracked as CVE-2022-32548, carries a maximum CVSS v3 severity score of 10.0 and could lead to complete device takeover, enabling a malicious actor to access internal resources of the breached networks.

A full list of all 29 affected DrayTek Vigor models can be found on Trellix's story page. The vulnerability is due to a buffer overflow on the login page of the web management interface. The attack can be performed without user interaction or the need for credentials. By default, a one-click attack is viable via the LAN. If the management interface of the device has been configured to be internet-facing, it may also be reachable via the internet.

Update Vulnerable DrayTek Vigor Routers

DrayTek has already released a patch for all affected models, which you can find in their firmware update center. If your organization is using any DrayTek devices, it is recommended that you apply the patch as soon as possible. All at-risk models of DrayTek Vigor are listed below as well as on Trellix's story page.

| Vulnerable Devices | Fixed Version |
|---|---|
| Vigor3910 | 4.3.1.1 |
| Vigor1000B | 4.3.1.1 |
| Vigor2962 Series | 4.3.1.1 |
| Vigor2927 Series | 4.4.0 |
| Vigor2927 LTE Series | 4.4.0 |
| Vigor2915 Series | 4.3.3.2 |
| Vigor2952 / 2952P | 3.9.7.2 |
| Vigor3220 Series | 3.9.7.2 |
| Vigor2926 Series | 3.9.8.1 |
| Vigor2926 LTE Series | 3.9.8.1 |
| Vigor2862 Series | 3.9.8.1 |
| Vigor2862 LTE Series | 3.9.8.1 |
| Vigor2620 LTE Series | 3.9.8.1 |
| VigorLTE 200n | 3.9.8.1 |
| Vigor2133 Series | 3.9.6.4 |
| Vigor2762 Series | 3.9.6.4 |
| Vigor167 | 5.1.1 |
| Vigor130 | 3.8.5 |
| VigorNIC 132 | 3.8.5 |
| Vigor165 | 4.2.4 |
| Vigor166 | 4.2.4 |
| Vigor2135 Series | 4.4.2 |
| Vigor2765 Series | 4.4.2 |
| Vigor2766 Series | 4.4.2 |
| Vigor2832 | 3.9.6 |
| Vigor2865 Series | 4.4.0 |
| Vigor2865 LTE Series | 4.4.0 |
| Vigor2866 Series | 4.4.0 |
| Vigor2866 LTE Series | 4.4.0 |

Discover Vulnerable Devices

Based on the list of affected models shared by Trellix, we have created a special Lansweeper report that will provide a list of all devices in your environment that could be affected by the vulnerability. This way you have an actionable list of devices that might require a patch.
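For inventories kept outside Lansweeper, the same triage can be done by comparing each device's firmware against the fixed versions listed above. The following is an added example, not Lansweeper's or Trellix's code. It assumes an export with a model string and a firmware string per device, treats any variant suffix (LTE, ac, P, B) as part of the listed series so it errs toward flagging, and its function names and sample inventory are hypothetical.

```python
import re

# Fixed firmware versions from the advisory table, grouped by version.
# Keys are the optional LTE/NIC prefix plus the model digits after "Vigor".
FIXED = {
    "4.3.1.1": ["3910", "1000", "2962"],
    "4.4.0":   ["2927", "2865", "2866"],
    "4.4.2":   ["2135", "2765", "2766"],
    "3.9.8.1": ["2926", "2862", "2620", "LTE200"],
    "3.9.7.2": ["2952", "3220"], "3.9.6.4": ["2133", "2762"],
    "3.8.5":   ["130", "NIC132"], "4.2.4": ["165", "166"],
    "4.3.3.2": ["2915"], "5.1.1": ["167"], "3.9.6": ["2832"],
}
FIXED_BY_MODEL = {m: v for v, models in FIXED.items() for m in models}

def model_key(model):
    """Reduce 'Vigor2927 LTE Series' to '2927', 'VigorNIC 132' to 'NIC132'."""
    m = re.search(r"vigor\s*(lte|nic)?\s*(\d+)", model, re.I)
    return ((m.group(1) or "") + m.group(2)).upper() if m else None

def parse_version(text):
    """Leading dotted number as a tuple of ints, or None if there is none."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text, re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def assess(model, firmware):
    fixed = FIXED_BY_MODEL.get(model_key(model))
    if fixed is None:
        return "not-listed"
    have, want = parse_version(firmware), parse_version(fixed)
    if have is None:
        return "unknown-version"  # review by hand rather than assume patched
    width = max(len(have), len(want))
    pad = lambda v: v + (0,) * (width - len(v))
    # Numeric, component-wise compare: "3.9.10" is newer than "3.9.8.1",
    # which a plain string comparison gets wrong.
    return "patched" if pad(have) >= pad(want) else "needs-update"

# Constructed sample inventory (name, model, firmware); not real devices.
INVENTORY = [
    ("edge-01", "Vigor3910", "4.3.1"),
    ("branch-02", "Vigor2927 LTE Series", "4.4.0"),
    ("lab-03", "Vigor2862ac", "3.9.10"),
    ("modem-04", "Vigor130", "3.8.4.1"),
    ("sw-05", "VigorSwitch G1280", "2.6.7"),
]

if __name__ == "__main__":
    for name, model, fw in INVENTORY:
        print(f"{name:10} {model:22} {fw:8} {assess(model, fw)}")
```

Devices reported as "unknown-version" should be checked manually against the table, and "not-listed" only means the model string did not match one of the 29 listed models.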
