29 models of DrayTek routers impacted by critical RCE vulnerability

Trellix researchers recently discovered a critical unauthenticated remote code execution (RCE) vulnerability affecting 29 models of the DrayTek Vigor series of business routers.

The vulnerability is tracked as CVE-2022-32548. It carries the maximum CVSS v3 severity score of 10.0, which rates it as critical.

An attacker needs neither credentials nor user interaction to exploit it. With the default device configuration, the attack is viable from both the internet and the LAN.

An attacker who exploits this vulnerability can take over the device completely, gain access to information, lay the groundwork for stealthy man-in-the-middle attacks, change DNS settings, use the routers as DDoS or cryptominer bots, or pivot to devices connected to the breached network.

DrayTek Vigor routers are cost-efficient products for VPN access to small and medium-sized business networks. Because of this, they became widely popular during the pandemic as "work-from-home" took over.

Researchers estimate that 200,000 of the detected routers expose the vulnerable service on the internet. On those devices it is readily exploitable without user interaction or any other special prerequisites.

The vulnerable models are as follows:

  • Vigor3910
  • Vigor1000B
  • Vigor2962 Series
  • Vigor2927 Series
  • Vigor 2927 LTE Series
  • Vigor 2915 Series
  • Vigor 2952 / 2952P
  • Vigor3230 Series
  • Vigor2926 Series
  • Vigor2926 LTE Series
  • Vigor2862 Series
  • Vigor2862 LTE Series
  • Vigor2620 LTE Series
  • VigorLTE 200n
  • Vigor2133 Series
  • Vigor2762 Series
  • Vigor167
  • Vigor130
  • VigorNIC 132
  • Vigor165
  • Vigor166
  • Vigor2135 Series
  • Vigor2765 Series
  • Vigor2766 Series
  • Vigor2832
  • Vigor2865 Series
  • Vigor2865 LTE Series
  • Vigor2866 Series
  • Vigor2866 LTE Series

DrayTek quickly released security updates for all of the above models. They can be found in the vendor's firmware update centre.