CVE-2022-32548

Exploit

EPSS 70.53%
Veröffentlicht 29.08.2022 06:15:09
Zuletzt bearbeitet 21.11.2024 07:06:36
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Draytek ≫ Vigor3910 Firmware Version < 4.3.1.1

Draytek ≫ Vigor3910 Version-

Draytek ≫ Vigor1000b Firmware Version < 4.3.1.1

Draytek ≫ Vigor1000b Version-

Draytek ≫ Vigor2962 Firmware Version < 4.3.1.1

Draytek ≫ Vigor2962 Version-

Draytek ≫ Vigor2962p Firmware Version < 4.3.1.1

Draytek ≫ Vigor2962p Version-

Draytek ≫ Vigor2927 Firmware Version < 4.4.0

Draytek ≫ Vigor2927 Version-

Draytek ≫ Vigor2927ax Firmware Version < 4.4.0

Draytek ≫ Vigor2927ax Version-

Draytek ≫ Vigor2927ac Firmware Version < 4.4.0

Draytek ≫ Vigor2927ac Version-

Draytek ≫ Vigor2927vac Firmware Version < 4.4.0

Draytek ≫ Vigor2927vac Version-

Draytek ≫ Vigor2927l Firmware Version < 4.4.0

Draytek ≫ Vigor2927l Version-

Draytek ≫ Vigor2927lac Firmware Version < 4.4.0

Draytek ≫ Vigor2927lac Version-

Draytek ≫ Vigor2915 Firmware Version < 4.3.3.2

Draytek ≫ Vigor2915 Version-

Draytek ≫ Vigor2915ac Firmware Version < 4.3.3.2

Draytek ≫ Vigor2915ac Version-

Draytek ≫ Vigor2952 Firmware Version < 3.9.7.2

Draytek ≫ Vigor2952 Version-

Draytek ≫ Vigor2952p Firmware Version < 3.9.7.2

Draytek ≫ Vigor2952p Version-

Draytek ≫ Vigor3220 Firmware Version < 3.9.7.2

Draytek ≫ Vigor3220 Version-

Draytek ≫ Vigor2926 Firmware Version < 3.9.8.1

Draytek ≫ Vigor2926 Version-

Draytek ≫ Vigor2926n Firmware Version < 3.9.8.1

Draytek ≫ Vigor2926n Version-

Draytek ≫ Vigor2926ac Firmware Version < 3.9.8.1

Draytek ≫ Vigor2926ac Version-

Draytek ≫ Vigor2926vac Firmware Version < 3.9.8.1

Draytek ≫ Vigor2926vac Version-

Draytek ≫ Vigor2926l Firmware Version < 3.9.8.1

Draytek ≫ Vigor2926l Version-

Draytek ≫ Vigor2926ln Firmware Version < 3.9.8.1

Draytek ≫ Vigor2926ln Version-

Draytek ≫ Vigor2926lac Firmware Version < 3.9.8.1

Draytek ≫ Vigor2926lac Version-

Draytek ≫ Vigor2862 Firmware Version < 3.9.8.1

Draytek ≫ Vigor2862 Version-

Draytek ≫ Vigor2862n Firmware Version < 3.9.8.1

Draytek ≫ Vigor2862n Version-

Draytek ≫ Vigor2862ac Firmware Version < 3.9.8.1

Draytek ≫ Vigor2862ac Version-

Draytek ≫ Vigor2862vac Firmware Version < 3.9.8.1

Draytek ≫ Vigor2862vac Version-

Draytek ≫ Vigor2862b Firmware Version < 3.9.8.1

Draytek ≫ Vigor2862b Version-

Draytek ≫ Vigor2862bn Firmware Version < 3.9.8.1

Draytek ≫ Vigor2862bn Version-

Draytek ≫ Vigor2862l Firmware Version < 3.9.8.1

Draytek ≫ Vigor2862l Version-

Draytek ≫ Vigor2862ln Firmware Version < 3.9.8.1

Draytek ≫ Vigor2862ln Version-

Draytek ≫ Vigor2862lac Firmware Version < 3.9.8.1

Draytek ≫ Vigor2862lac Version-

Draytek ≫ Vigor2620l Firmware Version < 3.9.8.1

Draytek ≫ Vigor2620l Version-

Draytek ≫ Vigor2620ln Firmware Version < 3.9.8.1

Draytek ≫ Vigor2620ln Version-

Draytek ≫ Vigorlte 200n Firmware Version < 3.9.8.1

Draytek ≫ Vigorlte 200n Version-

Draytek ≫ Vigor2133 Firmware Version < 3.9.6.4

Draytek ≫ Vigor2133 Version-

Draytek ≫ Vigor2133n Firmware Version < 3.9.6.4

Draytek ≫ Vigor2133n Version-

Draytek ≫ Vigor2133ac Firmware Version < 3.9.6.4

Draytek ≫ Vigor2133ac Version-

Draytek ≫ Vigor2133vac Firmware Version < 3.9.6.4

Draytek ≫ Vigor2133vac Version-

Draytek ≫ Vigor2133fvac Firmware Version < 3.9.6.4

Draytek ≫ Vigor2133fvac Version-

Draytek ≫ Vigor2762 Firmware Version < 3.9.6.4

Draytek ≫ Vigor2762 Version-

Draytek ≫ Vigor2762n Firmware Version < 3.9.6.4

Draytek ≫ Vigor2762n Version-

Draytek ≫ Vigor2762ac Firmware Version < 3.9.6.4

Draytek ≫ Vigor2762ac Version-

Draytek ≫ Vigor2762vac Firmware Version < 3.9.6.4

Draytek ≫ Vigor2762vac Version-

Draytek ≫ Vigor165 Firmware Version < 4.2.4

Draytek ≫ Vigor165 Version-

Draytek ≫ Vigor166 Firmware Version < 4.2.4

Draytek ≫ Vigor166 Version-

Draytek ≫ Vigor2135 Firmware Version < 4.4.2

Draytek ≫ Vigor2135 Version-

Draytek ≫ Vigor2135ac Firmware Version < 4.4.2

Draytek ≫ Vigor2135ac Version-

Draytek ≫ Vigor2135vac Firmware Version < 4.4.2

Draytek ≫ Vigor2135vac Version-

Draytek ≫ Vigor2135fvac Firmware Version < 4.4.2

Draytek ≫ Vigor2135fvac Version-

Draytek ≫ Vigor2765 Firmware Version < 4.4.2

Draytek ≫ Vigor2765 Version-

Draytek ≫ Vigor2765ac Firmware Version < 4.4.2

Draytek ≫ Vigor2765ac Version-

Draytek ≫ Vigor2765vac Firmware Version < 4.4.2

Draytek ≫ Vigor2765vac Version-

Draytek ≫ Vigor2766 Firmware Version < 4.4.2

Draytek ≫ Vigor2766 Version-

Draytek ≫ Vigor2766ac Firmware Version < 4.4.2

Draytek ≫ Vigor2766ac Version-

Draytek ≫ Vigor2766vac Firmware Version < 4.4.2

Draytek ≫ Vigor2766vac Version-

Draytek ≫ Vigor2832 Firmware Version < 3.9.6

Draytek ≫ Vigor2832 Version-

Draytek ≫ Vigor2865 Firmware Version < 4.4.0

Draytek ≫ Vigor2865 Version-

Draytek ≫ Vigor2865ax Firmware Version < 4.4.0

Draytek ≫ Vigor2865ax Version-

Draytek ≫ Vigor2865ac Firmware Version < 4.4.0

Draytek ≫ Vigor2865ac Version-

Draytek ≫ Vigor2865vac Firmware Version < 4.4.0

Draytek ≫ Vigor2865vac Version-

Draytek ≫ Vigor2865l Firmware Version < 4.4.0

Draytek ≫ Vigor2865l Version-

Draytek ≫ Vigor2865lac Firmware Version < 4.4.0

Draytek ≫ Vigor2865lac Version-

Draytek ≫ Vigor2866 Firmware Version < 4.4.0

Draytek ≫ Vigor2866 Version-

Draytek ≫ Vigor2866ax Firmware Version < 4.4.0

Draytek ≫ Vigor2866ax Version-

Draytek ≫ Vigor2866ac Firmware Version < 4.4.0

Draytek ≫ Vigor2866ac Version-

Draytek ≫ Vigor2866vac Firmware Version < 4.4.0

Draytek ≫ Vigor2866vac Version-

Draytek ≫ Vigor2866l Firmware Version < 4.4.0

Draytek ≫ Vigor2866l Version-

Draytek ≫ Vigor2866lac Firmware Version < 4.4.0

Draytek ≫ Vigor2866lac Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	70.53%	0.987

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cve@mitre.org	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.securityweek.com/smbs-exposed-attacks-critical-vulnerability-draytek-vigor-routers

Third Party Advisory

Exploit

https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-32548

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-32548

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-32548

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-32548