IT Info

29 DrayTek router models are affected by a critical RCE vulnerability

Notably, the entire corporate Vigor line of products is affected.
The vulnerability is tracked as CVE-2022-32548 and has a CVSSv3 score of 10, the highest possible level. CVE-2022-32548 is therefore regarded as extremely dangerous and calls for prompt remediation and mitigation.

Attackers need neither the victim's interaction nor login credentials to exploit CVE-2022-32548. In the device's default configuration, the attack can be carried out from the LAN and from the internet.
When CVE-2022-32548 is successfully exploited, attackers can do the following:
Take complete control of the device.
Set up the groundwork for man-in-the-middle attacks.
Modify the DNS settings.
Use the routers as bots for DDoS attacks or bitcoin mining.

Wide-ranging impact
Due to the rise of working from home, DrayTek Vigor devices saw a huge increase in popularity during the pandemic. They offer affordable VPN access for SME networks.
Over 700,000 DrayTek Vigor devices are online, according to a quick Shodan search. These devices are primarily found in Australia, the Netherlands, the UK, and Vietnam.
Trellix decided to assess the security of one of the best router models made by DrayTek. The results show that the login page of the web administration interface has a buffer overflow.
An attacker can trigger the vulnerability and take over the device's operating system by submitting a specially crafted pair of credentials, as base64-encoded strings, in the login fields.
Many of the remaining 500,000 devices can be exploited with one-click attacks, but only from the LAN, which reduces the attack surface.
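
Because the flaw is reached through base64-encoded credentials in the login fields, a defender can screen captured login POST bodies for values that are malformed or that decode to an implausible length. The sketch below is an added example, not code from the article, Trellix, or DrayTek; the field names `user_b64` and `pass_b64`, the 64-byte ceiling, and the sample requests are assumptions made for illustration.

```python
import base64
import binascii
from urllib.parse import parse_qsl

# Assumptions (not from the article): field names and the length ceiling.
CRED_FIELDS = ("user_b64", "pass_b64")  # hypothetical login field names
MAX_DECODED_LEN = 64                    # assumed upper bound for a real credential

def check_login_body(body: str) -> list[str]:
    """Return the reasons a login POST body looks anomalous (empty list = clean)."""
    findings = []
    fields = dict(parse_qsl(body, keep_blank_values=True))
    for name in CRED_FIELDS:
        value = fields.get(name)
        if value is None:
            continue
        try:
            # validate=True rejects characters outside the base64 alphabet
            decoded = base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            findings.append(f"{name}: not valid base64")
            continue
        if len(decoded) > MAX_DECODED_LEN:
            findings.append(
                f"{name}: decoded length {len(decoded)} exceeds {MAX_DECODED_LEN}")
        elif not decoded.isascii() or not decoded.decode("ascii").isprintable():
            findings.append(f"{name}: non-printable bytes")
    return findings

# Constructed sample data: (source address, POST body) pairs.
SAMPLE_POSTS = [
    ("192.0.2.10", "user_b64=YWRtaW4=&pass_b64=aHVudGVyMg=="),        # normal login
    ("198.51.100.7", "user_b64=" + "QUFB" * 100 + "&pass_b64=eA=="),  # oversize field
    ("203.0.113.5", "user_b64=YWRtaW4&pass_b64=%%%%"),                # malformed base64
]

def scan(posts):
    """Map each source address with an anomalous login body to its findings."""
    return {src: f for src, body in posts if (f := check_login_body(body))}

if __name__ == "__main__":
    for src, reasons in scan(SAMPLE_POSTS).items():
        print(src, "->", "; ".join(reasons))
```

A check like this only flags traffic for review; installing the fixed firmware remains the remedy.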

The vulnerable devices are:

Vigor3910
Vigor1000B
Vigor2962 Series
Vigor2927 Series
Vigor2927 LTE Series
Vigor2915 Series
Vigor2952 / 2952P
Vigor3220 Series
Vigor2926 Series
Vigor2926 LTE Series
Vigor2862 Series
Vigor2862 LTE Series
Vigor2620 LTE Series
VigorLTE 200n
Vigor2133 Series
Vigor2762 Series
Vigor167
Vigor130
VigorNIC 132
Vigor165
Vigor166
Vigor2135 Series
Vigor2765 Series
Vigor2766 Series
Vigor2832
Vigor2865 Series
Vigor2865 LTE Series
Vigor2866 Series
Vigor2866 LTE Series

DrayTek swiftly published security updates for the devices listed above. To fix the issue, find the most recent firmware for your device, download it, and install it.
