Critical RCE vulnerability impacts 29 models of DrayTek routers

Researchers at Trellix have discovered a critical unauthenticated remote code execution (RCE) vulnerability impacting 29 models of the DrayTek Vigor series of business routers.

The vulnerability is tracked as CVE-2022-32548 and carries a maximum CVSS v3 severity score of 10.0, categorizing it as critical.

DrayTek Vigor 3910 and 28 other router models are vulnerable to the discovered RCE flaw.

The compromise of a network appliance such as the Vigor 3910 router could lead to a leak of the sensitive data stored on the router, access to the internal resources, a man in the middle of the network traffic, botnet activity, and packet capture of the data going through any port of the router, among other things.

DrayTek released the patch less than thirty days after the vulnerability disclosure.

There have been no signs of CVE-2022-32548, but as CISA reported recently, SOHO routers are always in the crosshair of state-sponsored APTs from China and elsewhere.

Impact

Leak of the sensitive data stored on the router (keys, administrative passwords, etc.)
Access to the internal resources located on the LAN that would normally require VPN-access or be present “on the same network”
Man in the middle of the network traffic
Spying on DNS requests and other unencrypted traffic directed to the internet from the LAN through the router
Packet capture of the data going through any port of the router
Botnet activity (DDoS, hosting malicious data, etc.)