CVE-2022-32548 An issue was found on certain DrayTek Vigor routers before July 2022, such as the Vigor3910 4.3.1.1

An attacker can access or modify the aa or ab field to execute arbitrary code or cause a denial of service condition. When running the DrayTek Vigor3910 before 4.3.1.1 with CPanel or DirectAdmin and DrayTek Vigor 8/Vigor2900/Vigor2950 before 4.3.1.1 with CPanel or DirectAdmin, the cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field. An attacker can access or modify the aa or ab field to execute arbitrary code or cause a denial of service condition. When running the DrayTek Vigor3910 before 4.3.1.1 with CPanel or DirectAdmin and DrayTek Vigor 8/Vigor2900/Vigor2950 before 4.3.1.1 with CPanel or DirectAdmin, the cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field. An attacker can access or modify the aa or ab field to execute arbitrary code or cause a denial of service condition. When running the DrayTek Vigor3910 before 4.3.1.1 with CPanel or DirectAdmin and DrayTek Vigor 8/Vigor2900/Vigor2950 before 4.3.1.1 with CPanel or DirectAdmin,

Vulnerability overview

The vulnerability is caused by a buffer overflow in the cgi-bin/wlogin.cgi script when processing user input to the username or password fields on startup. An attacker may be able to access or modify the aa or ab field to execute arbitrary code or cause a denial of service condition. DrayTek Vigor3910 before 4.3.1.1 with CPanel or DirectAdmin and DrayTek Vigor 8/Vigor2900/Vigor2950 before 4.3.1.1 with CPanel or DirectAdmin are vulnerable when running the cgi-bin/wlogin.cgi script on startup, which may allow an attacker to gain unauthorized access and execute arbitrary commands via buffer overflows in the cgi-bin/wlogin.cgi script on startup, which will result in cross site scripting (XSS) errors served from web servers hosting PHP scripts, as well as reflect XSS attacks against targeted users with lower privileges within your network environments such as web servers hosting PHP scripts and CGI scripts etc.

DrayTek Vigor 3910

An attacker can access or modify the aa or ab field to execute arbitrary code or cause a denial of service condition. When running the DrayTek Vigor3910 before 4.3.1.1 with CPanel or DirectAdmin and DrayTek Vigor 8/Vigor2900/Vigor2950 before 4.3.1.1 with CPanel or DirectAdmin, the cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field. When running the DrayTek Vigor 3910 before 4.3.1.1 with CPanel or DirectAdmin, an attacker can access the router by logging in to www.

Timeline

Published on: 08/29/2022 06:15:00 UTC
Last modified on: 09/01/2022 19:56:00 UTC

References

• https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html
• https://www.securityweek.com/smbs-exposed-attacks-critical-vulnerability-draytek-vigor-routers
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32548