Critical RCE Bug in DrayTek Routers Opens SMBs to Zero-Click Attacks

guest · Aug 3, 2022

SMBs should patch CVE-2022-32548 now
August 3, 2022

A critical, pre-authenticated remote code execution (RCE) vulnerability has cropped up in the widely used line of DrayTek Vigor routers for smaller businesses. If it's exploited, researchers warn that it could allow complete device takeover, along with access to the broader network.

The bug (tracked as CVE-2022-32548) carries the highest vulnerability-severity score on the CVSS scale: 10 out of 10. This is no surprise given that not only is it a pre-authentication RCE, but attackers could exploit it to compromise a device without social engineering or user interaction, according to a vulnerability disclosure out today from Trellix.
Click to expand...

DrayTek routers are often used by small and midsize (SMBs) to provide VPN access to employees — an increasing need given the mass migration of workers to work-from-home situations since the pandemic started.

The zero-click attack is possible if the device's management interface is configured to be Internet-facing, according to Trellix (a Shodan search showed that about 200,000 routers have interfaces open to the Internet).
Click to expand...

Trellix: Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers

The Trellix Threat Labs Vulnerability Research team has found an unauthenticated remote code execution vulnerability, filed under CVE-2022-32548 affecting multiple DrayTek routers. The attack can be performed without user interaction if the management interface of the device has been configured to be internet facing.

A one-click attack can also be performed from within the LAN in the default device configuration. The attack can lead to a full compromise of the device and may lead to a network breach and unauthorized access to internal resources. All the affected models have a patched firmware available for download on the vendor’s website.
Click to expand...

Log in or Sign up

Critical RCE Bug in DrayTek Routers Opens SMBs to Zero-Click Attacks

guest Guest

Log in or Sign up

Critical RCE Bug in DrayTek Routers Opens SMBs to Zero-Click Attacks

guest Guest

Useful Searches