DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
PSA: Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers
- keithop
- Topic Author
- User
-
Less
More
04 Aug 2022 15:41 #1
by keithop
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html
Summary
The Trellix Threat Labs Vulnerability Research team has found an unauthenticated remote code execution vulnerability, filed under CVE-2022-32548 affecting multiple DrayTek routers. The attack can be performed without user interaction if the management interface of the device has been configured to be internet facing. A one-click attack can also be performed from within the LAN in the default device configuration. The attack can lead to a full compromise of the device and may lead to a network breach and unauthorized access to internal resources. All the affected models have a patched firmware available for download on the vendor’s website.
worth a read and making sure our patches are all up to date!
PSA: Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers was created by keithop
Summary
The Trellix Threat Labs Vulnerability Research team has found an unauthenticated remote code execution vulnerability, filed under CVE-2022-32548 affecting multiple DrayTek routers. The attack can be performed without user interaction if the management interface of the device has been configured to be internet facing. A one-click attack can also be performed from within the LAN in the default device configuration. The attack can lead to a full compromise of the device and may lead to a network breach and unauthorized access to internal resources. All the affected models have a patched firmware available for download on the vendor’s website.
worth a read and making sure our patches are all up to date!
Please Log in or Create an account to join the conversation.
- hornbyp
- User
-
Less
More
04 Aug 2022 18:11 #2
by hornbyp
Replied by hornbyp on topic Re: PSA: Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers
Please Log in or Create an account to join the conversation.
- desquinn
- Offline
- Junior Member
-
Less
More
- Posts: 73
- Thank you received: 0
04 Aug 2022 19:27 #3
by desquinn
Des Quinn
Replied by desquinn on topic Re: PSA: Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers
conversation from earlier here ![:) :)](/media/kunena/emoticons/3.png)
- https://forum.draytek.co.uk/viewtopic.php?t=24720
BT firmwares for all our devices as well.
![:) :)](/media/kunena/emoticons/3.png)
BT firmwares for all our devices as well.
Des Quinn
Please Log in or Create an account to join the conversation.
Copyright © 2024 DrayTek