CVE-2022-32548

critical

Description

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.

References

https://www.forescout.com/resources/draybreak-draytek-research/

https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html

https://www.securityweek.com/smbs-exposed-attacks-critical-vulnerability-draytek-vigor-routers

Details

Source: Mitre, NVD

Published: 2022-08-29

Updated: 2022-09-01

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H