Vulnerability Details : CVE-2022-32548
An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.
Vulnerability category: Overflow
Products affected by CVE-2022-32548
- cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2962p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2927_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2927ax_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2927ac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2927vac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2927l_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2927lac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2915ac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2952p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2926n_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2926ac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2926vac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2926l_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2926ln_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2926lac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2862n_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2862ac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2862vac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2862b_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2862bn_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2862l_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2862ln_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2862lac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2620l_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2620ln_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigorlte_200n_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2133n_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2133ac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2133vac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2133fvac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2762n_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2762ac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2762vac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2135ac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2135vac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2135fvac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2765ac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2765vac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2766ac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2766vac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2865ax_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2865ac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2865vac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2865l_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2865lac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2866ax_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2866ac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2866vac_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2866l_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2866lac_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-32548
- EPSS score: 0.18% (probability of exploitation activity in the next 30 days)
- Percentile: ~55% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-32548
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 | MITRE | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2022-32548
- The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-32548
- https://www.securityweek.com/smbs-exposed-attacks-critical-vulnerability-draytek-vigor-routers
  SMBs Exposed to Attacks by Critical Vulnerability in DrayTek Vigor Routers | SecurityWeek.Com (Exploit; Third Party Advisory)
- https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html
  Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers (Exploit; Third Party Advisory)