Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2022-32548

Published: 29/08/2022 Updated: 01/09/2022
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Draytek

Vulnerability Summary

An issue exists on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 prior to 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

draytek vigor3910_firmware

draytek vigor1000b_firmware

draytek vigor2962_firmware

draytek vigor2962p_firmware

draytek vigor2927_firmware

draytek vigor2927ax_firmware

draytek vigor2927ac_firmware

draytek vigor2927vac_firmware

draytek vigor2927l_firmware

draytek vigor2927lac_firmware

draytek vigor2915_firmware

draytek vigor2915ac_firmware

draytek vigor2952_firmware

draytek vigor2952p_firmware

draytek vigor3220_firmware

draytek vigor2926_firmware

draytek vigor2926n_firmware

draytek vigor2926ac_firmware

draytek vigor2926vac_firmware

draytek vigor2926l_firmware

draytek vigor2926ln_firmware

draytek vigor2926lac_firmware

draytek vigor2862_firmware

draytek vigor2862n_firmware

draytek vigor2862ac_firmware

draytek vigor2862vac_firmware

draytek vigor2862b_firmware

draytek vigor2862bn_firmware

draytek vigor2862l_firmware

draytek vigor2862ln_firmware

draytek vigor2862lac_firmware

draytek vigor2620l_firmware

draytek vigor2620ln_firmware

draytek vigorlte_200n_firmware

draytek vigor2133_firmware

draytek vigor2133n_firmware

draytek vigor2133ac_firmware

draytek vigor2133vac_firmware

draytek vigor2133fvac_firmware

draytek vigor2762_firmware

draytek vigor2762n_firmware

draytek vigor2762ac_firmware

draytek vigor2762vac_firmware

draytek vigor165_firmware

draytek vigor166_firmware

draytek vigor2135_firmware

draytek vigor2135ac_firmware

draytek vigor2135vac_firmware

draytek vigor2135fvac_firmware

draytek vigor2765_firmware

draytek vigor2765ac_firmware

draytek vigor2765vac_firmware

draytek vigor2766_firmware

draytek vigor2766ac_firmware

draytek vigor2766vac_firmware

draytek vigor2832_firmware

draytek vigor2865_firmware

draytek vigor2865ax_firmware

draytek vigor2865ac_firmware

draytek vigor2865vac_firmware

draytek vigor2865l_firmware

draytek vigor2865lac_firmware

draytek vigor2866_firmware

draytek vigor2866ax_firmware

draytek vigor2866ac_firmware

draytek vigor2866vac_firmware

draytek vigor2866l_firmware

draytek vigor2866lac_firmware

Github Repositories

https://github.com/MosaedH/CVE-2022-32548-RCE-POC

CVE-2022-32548-RCE-POC DrayTek unauthenticated remote code execution vulnerability (CVE-2022-32548) in /cgi-bin/wlogincgi via username field Technical details The web management interface of the vulnerable DrayTek devices is affected by a buffer overflow on the login page at /cgi-bin/wlogincgi An attacker may supply carefully crafted username and/or password as base64 encode

https://github.com/AKQuraish/Autonomous

OSINT

Autonomous OSINT DESCRIPTION: Under the Saudi Telecom Company JSC network there are around 2300 sytems facing an issue Can you find the category of that vulnerability? To start investigating we first need to find the Autonomous System Number of the Saudi Telecom Company JSC: We can find all ASN numbers in Saudi Arabia in ipinfoio/countries/sa#section-summary Here we

References

CWE-120https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.htmlhttps://www.securityweek.com/smbs-exposed-attacks-critical-vulnerability-draytek-vigor-routershttps://nvd.nist.govhttps://github.com/MosaedH/CVE-2022-32548-RCE-POChttps://github.com/AKQuraish/Autonomous
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook