DrayTek Critical Vulnerability

A new DrayTek vulnerability filed under CVE-2022-32548 has been discovered which is affecting multiple DrayTek routers.

DrayTek Critical Vulnerability (CVE-2022-32548)

If you’re using a Draytek router within your business, you could be exposed to possible exploitation by hackers because of a new Critical Vulnerability which was announced on 3rd August 2022.

The vulnerable DrayTek devices are:

Vigor3910 <
Vigor1000B <
Vigor2962 Series <
Vigor2927 Series < 4.4.0
Vigor2927 LTE Series < 4.4.0
Vigor2915 Series <
Vigor2952 / 2952P <
Vigor3220 Series <
Vigor2926 Series <
Vigor2926 LTE Series <
Vigor2862 Series <
Vigor2862 LTE Series <
Vigor2620 LTE Series <
VigorLTE 200n <
Vigor2133 Series <

Vigor2762 Series <
Vigor167 < 5.1.1
Vigor130 < 3.8.5
VigorNIC 132 < 3.8.5
Vigor165 < 4.2.4
Vigor166 < 4.2.4
Vigor2135 Series < 4.4.2
Vigor2765 Series < 4.4.2
Vigor2766 Series < 4.4.2
Vigor2832 < 3.9.6
Vigor2865 Series < 4.4.0
Vigor2865 LTE Series < 4.4.0
Vigor2866 Series < 4.4.0
Vigor2866 LTE Series < 4.4.0

Looking at Shodan, you can see that over 270,000 DrayTek devices are visible to the internet in the UK alone, meaning all of these are at some risk of being compromised if not updated.

Here’s a video showing the exploitation of a Draytek 3910 router using this Critical Vulnerability.

What issues could be caused by this Critical Vulnerability of Draytek routers?

Draytek routers with this critical vulnerability could be exploited leading to these possible threats:

– Sensitive data that’s stored on the router being leaked (e.g. Passwords and keys)

– Access to the internal resources located on the LAN which would normally require a VPN access or to be on the same network.

– Man in the middle of network traffic

– Spying on DNS requests and other unencrypted traffic directed to the internet through the router.

– Packet capture of the data going through any port of the router.

– DDoS attacks to be performed

How to Detect the Attacks 

Attempts of attacks can be detected by logging/alertig when a malformed base64 string is sent via a POST request to the /cgi-bin/wlogin.cgi end-point on the web management interface router. Malformed base64 strings indicative of an attack would have an abnormally high number of %3D padding. Any number over three should be considered suspicious.

How to Prevent and Protect your DrayTek Router from Attacks

We recomend the following to anyone who feels their DrayTek router is vulnerable or has been affected by the attacks.

– Make sure the latest firmware updates have been deployed onto the device. You see the latest updates, you can visit the DrayTek website.

– Within the management interface of the device, make sure that port mirroring, Authorised VPN access, DNS settings and any other relevant settings haven’t been messed around with or changed.

– Do not expose the management interface to the internet, unless fully required. If you do, make sure 2FA and IP restrication has been enabled to minimise the risk of any attacks.

– Change passwords of the devices that have been affected by attacks.


You can find more information about the new DrayTek Critical Vulnerability here.

5.0 95 reviews

  • Avatar Debbie D. ★★★★★ 3 weeks ago
    Great service so far what with me being a new starter, & I've heard really positive things about Reformed IT from many of my colleagues, so I have no doubt this great service … More will continue!
  • Avatar Chloe J. ★★★★★ 4 months ago
    Reformed IT always provide excellent service and support. Since working for Walton and Allen the team have always been fast to resolve any IT issues I have had. Thank you for all of … More your help 🙂
  • Avatar Emily S. ★★★★★ 4 months ago
    Reformed IT are beyond brilliant, anytime I have called in need of help since working for Walton & Allen, nothing is too much trouble, they have resolved any issue with ease.
    … More staff are always happy to help, friendly service every time. It can be stressful when your job is based mostly on a computer, and there is some kind of problem you are unsure how to resolve, but with Reformed IT just a phone call away, it is so re-assuring to know that anytime I hit a roadblock, you guys are there to save the day!
    Big thanks to you all, be lost without you guys!
  • Avatar Steve C. ★★★★★ 4 months ago
    Reformed IT have been providing co-managed IT and Cyber Security services to us for just over a year and have never performed less than superbly. Rare to find a company as responsive … More and easy to deal with. I learn something new almost every time I talk with them, highly recommended!