Critical Vulnerability in DrayTek Routers

Published on 04 Aug 2022

Updated on 04 Aug 2022

DrayTek has released patches to address a critical vulnerability (CVE-2022-32548) affecting multiple DrayTek routers.

Successful exploitation of the vulnerability could allow an unauthenticated attacker to perform remote code execution (RCE). This may lead to a complete compromise of the device and allow access to internal resources of breached networks.

The following product versions are affected:
• Vigor3910 < 4.3.1.1
• Vigor1000B < 4.3.1.1
• Vigor2962 Series < 4.3.1.1
• Vigor2927 Series < 4.4.0
• Vigor2927 LTE Series < 4.4.0
• Vigor2915 Series < 4.3.3.2
• Vigor2952 / 2952P < 3.9.7.2
• Vigor3220 Series < 3.9.7.2
• Vigor2926 Series < 3.9.8.1
• Vigor2926 LTE Series < 3.9.8.1
• Vigor2862 Series < 3.9.8.1
• Vigor2862 LTE Series < 3.9.8.1
• Vigor2620 LTE Series < 3.9.8.1
• VigorLTE 200n < 3.9.8.1
• Vigor2133 Series < 3.9.6.4
• Vigor2762 Series < 3.9.6.4
• Vigor167 < 5.1.1
• Vigor130 < 3.8.5
• VigorNIC 132 < 3.8.5
• Vigor165 < 4.2.4
• Vigor166 < 4.2.4
• Vigor2135 Series < 4.4.2
• Vigor2765 Series < 4.4.2
• Vigor2766 Series < 4.4.2
• Vigor2832 < 3.9.6
• Vigor2865 Series < 4.4.0
• Vigor2865 LTE Series < 4.4.0
• Vigor2866 Series < 4.4.0
• Vigor2866 LTE Series < 4.4.0

Administrators and users of affected products are advised to upgrade to the latest versions immediately.

More information is available here:
https://www.draytek.com/support/latest-firmwares/