DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

URGENT - CVE-2022-32548 CVSS 10.0

  • qwaz01
  • Topic Author
  • User
  • User
More
04 Aug 2022 12:19 #1 by qwaz01
URGENT - CVE-2022-32548 CVSS 10.0 was created by qwaz01
Just posting to make sure everyone is aware of this...

The Trellix Threat Labs Vulnerability Research team has found an unauthenticated remote code execution vulnerability, filed under CVE-2022-32548 affecting multiple DrayTek routers. The attack can be performed without user interaction if the management interface of the device has been configured to be internet facing. A one-click attack can also be performed from within the LAN in the default device configuration. The attack can lead to a full compromise of the device and may lead to a network breach and unauthorized access to internal resources.

https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html

The vulnerable devices are as follow:

Vigor3910 < 4.3.1.1
Vigor1000B < 4.3.1.1
Vigor2962 Series < 4.3.1.1
Vigor2927 Series < 4.4.0
Vigor2927 LTE Series < 4.4.0
Vigor2915 Series < 4.3.3.2
Vigor2952 / 2952P < 3.9.7.2
Vigor3220 Series < 3.9.7.2
Vigor2926 Series < 3.9.8.1
Vigor2926 LTE Series < 3.9.8.1
Vigor2862 Series < 3.9.8.1
Vigor2862 LTE Series < 3.9.8.1
Vigor2620 LTE Series < 3.9.8.1
VigorLTE 200n < 3.9.8.1
Vigor2133 Series < 3.9.6.4
Vigor2762 Series < 3.9.6.4
Vigor167 < 5.1.1
Vigor130 < 3.8.5
VigorNIC 132 < 3.8.5
Vigor165 < 4.2.4
Vigor166 < 4.2.4
Vigor2135 Series < 4.4.2
Vigor2765 Series < 4.4.2
Vigor2766 Series < 4.4.2
Vigor2832 < 3.9.6
Vigor2865 Series < 4.4.0
Vigor2865 LTE Series < 4.4.0
Vigor2866 Series < 4.4.0
Vigor2866 LTE Series < 4.4.0

Please Log in or Create an account to join the conversation.

More
04 Aug 2022 13:28 #2 by desquinn
Replied by desquinn on topic Re: URGENT - CVE-2022-32548 CVSS 10.0
cheers for this. I wonder if access points will have the same exposure. I am guessing so. Also no mention of anything below 2862 I see.
Des Quinn

Please Log in or Create an account to join the conversation.

  • qwaz01
  • Topic Author
  • User
  • User
More
04 Aug 2022 13:32 #3 by qwaz01
Replied by qwaz01 on topic Re: URGENT - CVE-2022-32548 CVSS 10.0

desquinn wrote:
cheers for this. I wonder if access points will have the same exposure. I am guessing so. Also no mention of anything below 2862 I see.



Yeah we still have a few 2860's out there so hopefully they release a patch.

No official word from Draytek yet though about this? Normally they release a statement.

Please Log in or Create an account to join the conversation.

  • qwaz01
  • Topic Author
  • User
  • User
More
04 Aug 2022 14:09 #4 by qwaz01
Replied by qwaz01 on topic Re: URGENT - CVE-2022-32548 CVSS 10.0
Statement from Draytek

https://www.draytek.com/about/security-advisory/draytek-router-unauthenticated-remote-code-execution-vulnerability-(cve-2022-32548)/

Please Log in or Create an account to join the conversation.

More
04 Aug 2022 14:54 #5 by desquinn
Replied by desquinn on topic Re: URGENT - CVE-2022-32548 CVSS 10.0
was coming back to post that and that it mentions that if it is not on their list then it is not affected. So the 2860 and Aps should be ok.
Des Quinn

Please Log in or Create an account to join the conversation.