Lucene search

[email protected]CVE-2022-32548

HistoryAug 29, 2022 - 6:15 a.m.

CVE-2022-32548

2022-08-2906:15:09

CWE-120

[email protected]

web.nvd.nist.gov

135

cve-2022-32548

draytek vigor

router

buffer overflow

security vulnerability

nvd

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.7%

JSON

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.

Affected configurations

NVD

Node

draytekvigor3910_firmwareRange<4.3.1.1

AND

draytekvigor3910Match-

Node

draytekvigor1000b_firmwareRange<4.3.1.1

AND

draytekvigor1000bMatch-

Node

draytekvigor2962_firmwareRange<4.3.1.1

AND

draytekvigor2962Match-

Node

draytekvigor2962p_firmwareRange<4.3.1.1

AND

draytekvigor2962pMatch-

Node

draytekvigor2927_firmwareRange<4.4.0

AND

draytekvigor2927Match-

Node

draytekvigor2927ax_firmwareRange<4.4.0

AND

draytekvigor2927axMatch-

Node

draytekvigor2927ac_firmwareRange<4.4.0

AND

draytekvigor2927acMatch-

Node

draytekvigor2927vac_firmwareRange<4.4.0

AND

draytekvigor2927vacMatch-

Node

draytekvigor2927l_firmwareRange<4.4.0

AND

draytekvigor2927lMatch-

Node

draytekvigor2927lac_firmwareRange<4.4.0

AND

draytekvigor2927lacMatch-

Node

draytekvigor2915_firmwareRange<4.3.3.2

AND

draytekvigor2915Match-

Node

draytekvigor2915ac_firmwareRange<4.3.3.2

AND

draytekvigor2915acMatch-

Node

draytekvigor2952_firmwareRange<3.9.7.2

AND

draytekvigor2952Match-

Node

draytekvigor2952p_firmwareRange<3.9.7.2

AND

draytekvigor2952pMatch-

Node

draytekvigor3220_firmwareRange<3.9.7.2

AND

draytekvigor3220Match-

Node

draytekvigor2926_firmwareRange<3.9.8.1

AND

draytekvigor2926Match-

Node

draytekvigor2926n_firmwareRange<3.9.8.1

AND

draytekvigor2926nMatch-

Node

draytekvigor2926ac_firmwareRange<3.9.8.1

AND

draytekvigor2926acMatch-

Node

draytekvigor2926vac_firmwareRange<3.9.8.1

AND

draytekvigor2926vacMatch-

Node

draytekvigor2926l_firmwareRange<3.9.8.1

AND

draytekvigor2926lMatch-

Node

draytekvigor2926ln_firmwareRange<3.9.8.1

AND

draytekvigor2926lnMatch-

Node

draytekvigor2926lac_firmwareRange<3.9.8.1

AND

draytekvigor2926lacMatch-

Node

draytekvigor2862_firmwareRange<3.9.8.1

AND

draytekvigor2862Match-

Node

draytekvigor2862n_firmwareRange<3.9.8.1

AND

draytekvigor2862nMatch-

Node

draytekvigor2862ac_firmwareRange<3.9.8.1

AND

draytekvigor2862acMatch-

Node

draytekvigor2862vac_firmwareRange<3.9.8.1

AND

draytekvigor2862vacMatch-

Node

draytekvigor2862b_firmwareRange<3.9.8.1

AND

draytekvigor2862bMatch-

Node

draytekvigor2862bn_firmwareRange<3.9.8.1

AND

draytekvigor2862bnMatch-

Node

draytekvigor2862l_firmwareRange<3.9.8.1

AND

draytekvigor2862lMatch-

Node

draytekvigor2862ln_firmwareRange<3.9.8.1

AND

draytekvigor2862lnMatch-

Node

draytekvigor2862lac_firmwareRange<3.9.8.1

AND

draytekvigor2862lacMatch-

Node

draytekvigor2620l_firmwareRange<3.9.8.1

AND

draytekvigor2620lMatch-

Node

draytekvigor2620ln_firmwareRange<3.9.8.1

AND

draytekvigor2620lnMatch-

Node

draytekvigorlte_200n_firmwareRange<3.9.8.1

AND

draytekvigorlte_200nMatch-

Node

draytekvigor2133_firmwareRange<3.9.6.4

AND

draytekvigor2133Match-

Node

draytekvigor2133n_firmwareRange<3.9.6.4

AND

draytekvigor2133nMatch-

Node

draytekvigor2133ac_firmwareRange<3.9.6.4

AND

draytekvigor2133acMatch-

Node

draytekvigor2133vac_firmwareRange<3.9.6.4

AND

draytekvigor2133vacMatch-

Node

draytekvigor2133fvac_firmwareRange<3.9.6.4

AND

draytekvigor2133fvacMatch-

Node

draytekvigor2762_firmwareRange<3.9.6.4

AND

draytekvigor2762Match-

Node

draytekvigor2762n_firmwareRange<3.9.6.4

AND

draytekvigor2762nMatch-

Node

draytekvigor2762ac_firmwareRange<3.9.6.4

AND

draytekvigor2762acMatch-

Node

draytekvigor2762vac_firmwareRange<3.9.6.4

AND

draytekvigor2762vacMatch-

Node

draytekvigor165_firmwareRange<4.2.4

AND

draytekvigor165Match-

Node

draytekvigor166_firmwareRange<4.2.4

AND

draytekvigor166Match-

Node

draytekvigor2135_firmwareRange<4.4.2

AND

draytekvigor2135Match-

Node

draytekvigor2135ac_firmwareRange<4.4.2

AND

draytekvigor2135acMatch-

Node

draytekvigor2135vac_firmwareRange<4.4.2

AND

draytekvigor2135vacMatch-

Node

draytekvigor2135fvac_firmwareRange<4.4.2

AND

draytekvigor2135fvacMatch-

Node

draytekvigor2765_firmwareRange<4.4.2

AND

draytekvigor2765Match-

Node

draytekvigor2765ac_firmwareRange<4.4.2

AND

draytekvigor2765acMatch-

Node

draytekvigor2765vac_firmwareRange<4.4.2

AND

draytekvigor2765vacMatch-

Node

draytekvigor2766_firmwareRange<4.4.2

AND

draytekvigor2766Match-

Node

draytekvigor2766ac_firmwareRange<4.4.2

AND

draytekvigor2766acMatch-

Node

draytekvigor2766vac_firmwareRange<4.4.2

AND

draytekvigor2766vacMatch-

Node

draytekvigor2832_firmwareRange<3.9.6

AND

draytekvigor2832Match-

Node

draytekvigor2865_firmwareRange<4.4.0

AND

draytekvigor2865Match-

Node

draytekvigor2865ax_firmwareRange<4.4.0

AND

draytekvigor2865axMatch-

Node

draytekvigor2865ac_firmwareRange<4.4.0

AND

draytekvigor2865acMatch-

Node

draytekvigor2865vac_firmwareRange<4.4.0

AND

draytekvigor2865vacMatch-

Node

draytekvigor2865l_firmwareRange<4.4.0

AND

draytekvigor2865lMatch-

Node

draytekvigor2865lac_firmwareRange<4.4.0

AND

draytekvigor2865lacMatch-

Node

draytekvigor2866_firmwareRange<4.4.0

AND

draytekvigor2866Match-

Node

draytekvigor2866ax_firmwareRange<4.4.0

AND

draytekvigor2866axMatch-

Node

draytekvigor2866ac_firmwareRange<4.4.0

AND

draytekvigor2866acMatch-

Node

draytekvigor2866vac_firmwareRange<4.4.0

AND

draytekvigor2866vacMatch-

Node

draytekvigor2866l_firmwareRange<4.4.0

AND

draytekvigor2866lMatch-

Node

draytekvigor2866lac_firmwareRange<4.4.0

AND

draytekvigor2866lacMatch-

CPENameOperatorVersion
draytek:vigor3910_firmwaredraytek vigor3910 firmwarelt4.3.1.1

CPE	Name	Operator	Version
draytek:vigor3910_firmware	draytek vigor3910 firmware	lt	4.3.1.1

References

www.securityweek.com/smbs-exposed-attacks-critical-vulnerability-draytek-vigor-routers

www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html

Social References

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.7%

JSON

Related for CVE-2022-32548

githubexploit14 trellix4 prion1 cvelist1 nvd1 thn1 checkpoint_advisories1