PT-2022-3971 · Draytek · Draytek Vigor

Published: 2022-08-03 · Updated: 2025-02-12 · CVE-2022-32548

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

DrayTek Vigor router versions prior to 4.3.1.1

Description

The issue is a buffer overflow in the /cgi-bin/wlogin.cgi script of the DrayTek Vigor router's web management interface. A remote attacker can exploit it by sending a specially crafted HTTP POST request with base64-encoded data, which allows arbitrary code execution. The overflow can be triggered through the username or password, passed in the aa or ab field. It is estimated that around 200,000 devices are affected, including 28 models of DrayTek routers. Exploitation can lead to consequences including data leaks, access to internal resources, DNS query tracking, and botnet activity.

Recommendations

For DrayTek Vigor router versions prior to 4.3.1.1, update to a fixed version to resolve the issue. As a temporary workaround, consider restricting access to the /cgi-bin/wlogin.cgi script to minimize the risk of exploitation. Avoid using the username and password fields in the affected API endpoint until the issue is resolved.
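
An added example (not from this advisory or from DrayTek) for auditing the access-restriction workaround above: it scans HTTP access logs for POST requests to /cgi-bin/wlogin.cgi that come from outside an allowed management network. The combined log format, the MGMT_NETWORKS allowlist and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

LOGIN_PATH = "/cgi-bin/wlogin.cgi"  # script named in this advisory

# Assumption: the only networks that should reach the web management interface.
MGMT_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]

# Assumption: combined-log-format lines from a proxy or firewall in front of the router.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_management_source(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable source is treated as untrusted
    return any(addr in net for net in MGMT_NETWORKS)

def audit(lines):
    """Return (findings, unparsed_count) for POSTs to LOGIN_PATH from outside MGMT_NETWORKS."""
    findings, unparsed = [], 0
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            unparsed += 1  # counted so truncated or odd lines are not silently ignored
            continue
        # Drop the query string, decode %xx, collapse repeated slashes, ignore case.
        path = re.sub(r"/+", "/", unquote(m["target"].split("?", 1)[0])).lower()
        if m["method"] == "POST" and path == LOGIN_PATH and not is_management_source(m["src"]):
            findings.append((m["ts"], m["src"], m["status"]))
    return findings, unparsed

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.168.1.20 - - [03/Aug/2022:09:14:02 +0000] "POST /cgi-bin/wlogin.cgi HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.45 - - [03/Aug/2022:09:15:40 +0000] "POST /cgi-bin/wlogin.cgi HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [03/Aug/2022:09:16:11 +0000] "POST //cgi-bin/%77login.cgi?x=1 HTTP/1.1" 400 0 "-" "-"',
    '203.0.113.45 - - [03/Aug/2022:09:17:00 +0000] "GET / HTTP/1.1" 200 2048 "-" "-"',
    'truncated line with no request',
]

if __name__ == "__main__":
    hits, skipped = audit(SAMPLE_LOG)
    for ts, src, status in hits:
        print(f"{ts} {src} POST {LOGIN_PATH} -> {status}")
    print(f"{len(hits)} finding(s), {skipped} unparsed line(s)")
```

Any finding means the login script is reachable from a network that the workaround should have blocked; an empty result only covers traffic that the logging device actually saw.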

Exploit

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2022-04804
CVE-2022-32548

Affected Products

Draytek Vigor