Expired

Security Advisory: DrayTek Router unauthenticated remote code execution vulnerability (CVE-2022-32548)

Models Affected: See table below
Priority: Critical

Action Required: Check firmware version on units and upgrade if required

In April 2022, we became aware of a possible exploit affecting some of our products that was identified during testing and reported to us*. We are not aware of any exploits of this in the wild and started to release firmware updates in May 2022. Our standard best practice recommendation is to always keep firmware up to date, but we recommend that you check that affected units are running at least the firmware version in the table below. If the model is not listed, then it is not affected by this vulnerability. To protect users until all firmware versions were available and to give time for upgrades, no other information about the issue was released originally. The vulnerability has now been announced under CVE-2022-32548 and is related to a possible exploit of the router's Web UI login page.

1. If you have not already upgraded, update your firmware immediately. Before doing the upgrade, take a backup of your current config in case you need to restore it later (system maintenance -> Config Backup). Do use the .ALL file to upgrade, otherwise you will wipe your router settings. If you are upgrading from a much older firmware then please check the release notes carefully for any upgrading instructions.

2. If you have remote access enabled on your router, disable it if you don't need it, and use an access control list and 2FA if possible. If your unit is not already running patched firmware (see table below), disable remote access (admin) and SSL VPN. The ACL does not apply to SSL VPN connections (Port 443) so you should also temporarily disable SSL VPN until you have updated the firmware.

3. It is good practice to update the router admin password.

Model                 Firmware
Vigor 165             4.2.4
Vigor 166             4.2.4
VigorLTE 200n         3.9.8.1
Vigor 2133 Series     3.9.6.4
Vigor 2135 Series     4.4.2
Vigor 2620n           3.9.8.1
Vigor 2760 Series     3.8.9.6
Vigor 2762 Series     3.9.6.4
Vigor 2765 Series     4.4.2
Vigor 2766 Series     4.4.2
Vigor 2832 Series     3.9.6
Vigor 2860 Series     3.9.2
Vigor 2862 Series     3.9.8.1
Vigor 2865 Series     4.4.0
Vigor 2866 Series     4.4.0
Vigor 2915 Series     4.3.3.2
Vigor 2925 Series     3.9.2
Vigor 2926 Series     3.9.8.1
Vigor 2927 Series     4.4.0
Vigor 2952 Series     3.9.7.2
Vigor 2962            4.3.1.1
Vigor 3220            3.9.7.2
Vigor 3910            4.3.1.1
Vigor 1000B           4.3.1.1
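To apply the "check firmware version on units and upgrade if required" step across a fleet, the following added example (not part of DrayTek's advisory) compares each unit's reported firmware against the minimum patched version in the table above. The inventory records and hostnames are constructed sample data; version strings are assumed to be dotted numeric (e.g. 3.9.8.1), and an unlisted model is treated as not affected, as the advisory states.

```python
import re

# Minimum patched firmware per model, copied from the advisory table above.
MIN_PATCHED = {
    "Vigor 165": "4.2.4",            "Vigor 166": "4.2.4",
    "VigorLTE 200n": "3.9.8.1",      "Vigor 2133 Series": "3.9.6.4",
    "Vigor 2135 Series": "4.4.2",    "Vigor 2620n": "3.9.8.1",
    "Vigor 2760 Series": "3.8.9.6",  "Vigor 2762 Series": "3.9.6.4",
    "Vigor 2765 Series": "4.4.2",    "Vigor 2766 Series": "4.4.2",
    "Vigor 2832 Series": "3.9.6",    "Vigor 2860 Series": "3.9.2",
    "Vigor 2862 Series": "3.9.8.1",  "Vigor 2865 Series": "4.4.0",
    "Vigor 2866 Series": "4.4.0",    "Vigor 2915 Series": "4.3.3.2",
    "Vigor 2925 Series": "3.9.2",    "Vigor 2926 Series": "3.9.8.1",
    "Vigor 2927 Series": "4.4.0",    "Vigor 2952 Series": "3.9.7.2",
    "Vigor 2962": "4.3.1.1",         "Vigor 3220": "3.9.7.2",
    "Vigor 3910": "4.3.1.1",         "Vigor 1000B": "4.3.1.1",
}

def parse_version(text):
    """'3.9.6' -> (3, 9, 6, 0). Padding to four fields makes 3.9.6 < 3.9.6.4
    compare correctly instead of as strings (where '3.9.6' > '3.9.10')."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:4]]
    return tuple(parts + [0] * (4 - len(parts)))

def status(model, firmware):
    """Return 'not_affected', 'patched' or 'vulnerable' for one unit."""
    minimum = MIN_PATCHED.get(model)
    if minimum is None:
        return "not_affected"   # advisory: unlisted models are not affected
    if parse_version(firmware) >= parse_version(minimum):
        return "patched"
    return "vulnerable"

def vulnerable_devices(inventory):
    """Return (hostname, model, firmware) for units still on pre-fix firmware."""
    return [(h, m, f) for h, m, f in inventory if status(m, f) == "vulnerable"]

# Constructed sample inventory (hostname, model, firmware); not real devices.
INVENTORY = [
    ("branch-01", "Vigor 2862 Series", "3.9.7"),    # below 3.9.8.1
    ("branch-02", "Vigor 2862 Series", "3.9.8.1"),  # exactly the minimum
    ("hq-edge",   "Vigor 3910",        "4.3.1.1"),
    ("lab",       "Vigor 2135 Series", "4.4.1"),    # below 4.4.2
    ("shop",      "Vigor 2960",        "1.5.1"),    # model not in the table
]

for host, model, fw in vulnerable_devices(INVENTORY):
    print(f"{host}: {model} on {fw}, upgrade to at least {MIN_PATCHED[model]}")
```

Units reported as vulnerable should have remote admin access and SSL VPN disabled, per step 2 above, until they are upgraded.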


Any updates or changes in the situation will be posted here.

* Thank you to Trellix Threat Labs Vulnerability Research team for their testing and prompt reporting.

Update Mailing List (UK/Ireland)

UK/Ireland users should subscribe to our mailing list in order to receive timely notifications of firmware or critical updates like this. As a general rule of best practice, always keep all of your products' firmware up to date and check for updates.


Disclaimer: Please check this web page again for any new/updated information. You are advised to always keep your product's firmware or software up to date and keep in touch with your vendors to be advised of any new vulnerabilities (for example by subscribing to mailing lists). The information in this web page is provided in good faith based on the information available to us at the current time, following an appropriate assessment but without acceptance of liability in the case of new, developing or existing threats or unlawful activity against your system. Any suggestions given above are provided as general information but should not be considered a thorough or specific assessment of your own individual security risks, and you should take formal advice from a security expert to assess your specific security needs. As with any advisory, the suggested advice forms part of your own security planning and protocols.