An issue exists on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 prior to 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.
CVE-2022-32548-RCE-POC
DrayTek unauthenticated remote code execution vulnerability (CVE-2022-32548) in /cgi-bin/wlogincgi via username field
Technical details
The web management interface of the vulnerable DrayTek devices is affected by a buffer overflow on the login page at /cgi-bin/wlogincgi An attacker may supply carefully crafted username and/or password as base64 encode
Autonomous
OSINT
DESCRIPTION:
Under the Saudi Telecom Company JSC network there are around 2300 sytems facing an issue Can you find the category of that vulnerability?
To start investigating we first need to find the Autonomous System Number of the Saudi Telecom Company JSC:
We can find all ASN numbers in Saudi Arabia in ipinfoio/countries/sa#section-summary
Here we