Security News > 2022 > August > Critical RCE vulnerability impacts 29 models of DrayTek routers
Researchers at Trellix have discovered a critical unauthenticated remote code execution vulnerability impacting 29 models of the DrayTek Vigor series of business routers.
The vulnerability is tracked as CVE-2022-32548 and carries a maximum CVSS v3 severity score of 10.0, categorizing it as critical.
DrayTek Vigor devices became very popular during the pandemic by riding the "Work from home" wave.
A Shodan search returned over 700,000 online devices, most located in the UK, Vietnam, Netherlands, and Australia.
DreyTek quickly released security updates for all models mentioned above, so navigate to the vendor's firmware update center and locate the latest version for your model.
For information on performing the firmware update on your router, check out this guide by DreyTek.
News URL
Related news
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
- Fortinet warns of critical RCE bug in endpoint management software (source)
- Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) (source)
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) (source)
- Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) (source)
- Week in review: Ivanti fixes RCE vulnerability, Nissan breach affects 100,000 individuals (source)
- Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-29 | CVE-2022-32548 | Classic Buffer Overflow vulnerability in Draytek products An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. | 0.0 |