Critical RCE Bug Could Let Hackers Remotely Take Over DrayTek Vigor Routers

As many as 29 different router models from DrayTek have been identified as affected by a new critical, unauthenticated, remote code execution vulnerability that, if successfully exploited, could lead to full compromise of the device and unauthorized access to the broader network.

“The attack can be performed without user interaction if the management interface of the device has been configured to be internet facing,” Trellix researcher Philippe Laulheret said. “A one-click attack can also be performed from within the LAN in the default device configuration.”

Filed under CVE-2022-32548, the vulnerability has received the maximum severity rating of 10.0 on the CVSS scoring system, because it lets an adversary take complete control of the routers.

At its core, the shortcoming is the result of a buffer overflow flaw in the web management interface (“/cgi-bin/wlogin.cgi”), which can be weaponized by a malicious actor by supplying specially crafted input.

“The consequence of this attack is a takeover of the so-called ‘DrayOS’ that implements the router functionalities,” Laulheret said. “On devices that have an underlying Linux operating system (such as the Vigor 3910) it’s then possible to pivot to the underlying operating system and establish a reliable foothold on the device and local network.”

Over 200,000 devices from the Taiwanese manufacturer are said to have the vulnerable service currently exposed on the internet and would require no user interaction to be exploited.

The breach of a network appliance such as the Vigor 3910 could not only leave a network open to malicious actions such as credential and intellectual property theft, botnet activity, or a ransomware attack, but also cause a denial-of-service (DoS) condition.

The disclosure comes a little over a month after it emerged that routers from ASUS, Cisco, DrayTek, and NETGEAR are under attack from a new malware called ZuoRAT targeting North American and European networks.

While there are no signs of exploitation of the vulnerability in the wild so far, it is recommended to apply the firmware patches as soon as possible to protect against potential threats.

“Edge devices, such as the Vigor 3910 router, live on the boundary between internal and external networks,” Laulheret noted. “As such they’re a prime target for cybercriminals and threat actors alike. Remotely breaching edge devices can lead to a full compromise of the businesses’ internal network.”


