DrayTek Releases Security Updates

Security updates address a vulnerability with a CVSSv3 score of 10.0 that allows unauthenticated RCE

Threat ID:: CC-4142
Threat Severity:: Information only
Published:: 8 August 2022 3:30 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security updates address a vulnerability with a CVSSv3 score of 10.0 that allows unauthenticated RCE

Affected platforms

The following platforms are known to be affected:

DrayTek Vigor

Vigor1000B - All prior to 4.3.1.1
Vigor130 - All prior to 3.8.5
Vigor165 - All prior to 4.2.4
Vigor166 - All prior to 4.2.4
Vigor167 - All prior to 5.1.1
Vigor2133 Series - All prior to 3.9.6.4
Vigor2135 Series - All prior to 4.4.2
Vigor2620 LTE Series - All prior to 3.9.8.1
Vigor2762 Series - All prior to 3.9.6.4
Vigor2765 Series - All prior to 4.4.2
Vigor2766 Series - All prior to 4.4.2
Vigor2832 - All prior to 3.9.6
Vigor2862 LTE Series - All prior to 3.9.8.1
Vigor2862 Series - All prior to 3.9.8.1
Vigor2865 LTE Series - All prior to 4.4.0
Vigor2865 Series - All prior to 4.4.0
Vigor2866 LTE Series - All prior to 4.4.0
Vigor2866 Series - All prior to 4.4.0
Vigor2915 Series - All prior to 4.3.3.2
Vigor2926 LTE Series - All prior to 3.9.8.1
Vigor2926 Series - All prior to 3.9.8.1
Vigor2927 LTE Series - All prior to 4.4.0
Vigor2927 Series - All prior to 4.4.0
Vigor2952 / 2952P - All prior to 3.9.7.2
Vigor2962 Series - All prior to 4.3.1.1
Vigor3220 Series - All prior to 3.9.7.2
Vigor3910 - All prior to 4.3.1.1
VigorLTE 200n - All prior to 3.9.8.1
VigorNIC 132 - All prior to 3.8.5

Threat details

Introduction

DrayTek has released security updates to address a critical vulnerability, found by Trellix researchers, which could lead to unauthenticated remote code execution (RCE). An attacker could exploit this vulnerability to take control of an affected system.

Remediation advice

Affected organisations are encouraged to review DrayTek's latest firmware updates and apply the relevant update.

Definitive source of threat updates

CVE Vulnerabilities

Status Reserved

CVE-2022-32548

Last edited: 9 August 2022 10:22 am