DrayTek Critical Vulnerability

A new DrayTek vulnerability, filed under CVE-2022-32548, has been discovered that affects multiple DrayTek routers.

DrayTek Critical Vulnerability (CVE-2022-32548)

If you’re using a DrayTek router within your business, you could be exposed to possible exploitation by hackers because of a new Critical Vulnerability which was announced on 3rd August 2022.

The vulnerable DrayTek devices and firmware versions are:

Vigor3910 < 4.3.1.1
Vigor1000B < 4.3.1.1
Vigor2962 Series < 4.3.1.1
Vigor2927 Series < 4.4.0
Vigor2927 LTE Series < 4.4.0
Vigor2915 Series < 4.3.3.2
Vigor2952 / 2952P < 3.9.7.2
Vigor3220 Series < 3.9.7.2
Vigor2926 Series < 3.9.8.1
Vigor2926 LTE Series < 3.9.8.1
Vigor2862 Series < 3.9.8.1
Vigor2862 LTE Series < 3.9.8.1
Vigor2620 LTE Series < 3.9.8.1
VigorLTE 200n < 3.9.8.1
Vigor2133 Series < 3.9.6.4
Vigor2762 Series < 3.9.6.4
Vigor167 < 5.1.1
Vigor130 < 3.8.5
VigorNIC 132 < 3.8.5
Vigor165 < 4.2.4
Vigor166 < 4.2.4
Vigor2135 Series < 4.4.2
Vigor2765 Series < 4.4.2
Vigor2766 Series < 4.4.2
Vigor2832 < 3.9.6
Vigor2865 Series < 4.4.0
Vigor2865 LTE Series < 4.4.0
Vigor2866 Series < 4.4.0
Vigor2866 LTE Series < 4.4.0

Looking at Shodan, you can see that over 270,000 DrayTek devices are visible to the internet in the UK alone, meaning all of these are at some risk of being compromised if not updated.

Here’s a video showing the exploitation of a DrayTek 3910 router using this Critical Vulnerability.

What issues could be caused by this Critical Vulnerability of DrayTek routers?

DrayTek routers with this critical vulnerability could be exploited, leading to these possible threats:

– Leaking of sensitive data stored on the router (e.g. passwords and keys).

– Access to internal resources located on the LAN that would normally require VPN access or being on the same network.

– Man-in-the-middle interception of network traffic.

– Spying on DNS requests and other unencrypted traffic directed to the internet through the router.

– Packet capture of the data going through any port of the router.

– DDoS attacks being carried out.

How to Detect the Attacks

Attack attempts can be detected by logging or alerting when a malformed base64 string is sent in a POST request to the /cgi-bin/wlogin.cgi endpoint of the router's web management interface. Malformed base64 strings indicative of an attack have an abnormally high number of %3D padding characters (%3D is the URL-encoded form of =). Any number over three should be considered suspicious.
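One way to implement the padding check described above, as an added example that is not part of the original article. It assumes you can capture the method, path and raw (still URL-encoded) POST body of requests to the management interface, for example at a reverse proxy or IDS; the field names `user` and `pass` and the sample requests are constructed for illustration.

```python
import re

WLOGIN_PATH = "/cgi-bin/wlogin.cgi"  # endpoint named in the article
MAX_PADDING = 3                       # article: more than three is suspicious

# Trailing run of padding, URL-encoded (%3D / %3d) or literal "=".
_PAD_RUN = re.compile(r"(?:%3[Dd]|=)+$")

def padding_count(raw_value):
    """Count padding characters at the end of one still-encoded form value."""
    run = _PAD_RUN.search(raw_value)
    return len(re.findall(r"%3[Dd]|=", run.group(0))) if run else 0

def suspicious_fields(method, path, raw_body):
    """Return {field: padding_count} for every field over the threshold."""
    if method.upper() != "POST" or path.split("?", 1)[0] != WLOGIN_PATH:
        return {}
    hits = {}
    for pair in raw_body.split("&"):
        name, _, value = pair.partition("=")  # split on the first "=" only
        count = padding_count(value)
        if count > MAX_PADDING:
            hits[name] = count
    return hits

# Constructed sample records (method, path, raw body); not real traffic.
# The field names "user" and "pass" are hypothetical.
SAMPLE_REQUESTS = [
    ("POST", "/cgi-bin/wlogin.cgi", "user=YWRtaW4%3D&pass=c2VjcmV0MQ%3D%3D"),
    ("POST", "/cgi-bin/wlogin.cgi", "user=QUFBQQ%3D%3D%3D%3D%3D%3D&pass=eA%3D%3D"),
    ("GET", "/cgi-bin/wlogin.cgi", "user=QQ%3D%3D%3D%3D%3D"),
    ("POST", "/index.html", "q=QQ%3D%3D%3D%3D%3D"),
]

def scan(requests):
    """Return (index, hits) for every request that should raise an alert."""
    alerts = []
    for i, (method, path, body) in enumerate(requests):
        hits = suspicious_fields(method, path, body)
        if hits:
            alerts.append((i, hits))
    return alerts

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_REQUESTS):
        print(f"ALERT request #{index}: excessive base64 padding {hits}")
```

Well-formed base64 never ends in more than two padding characters, so normal logins stay well under the article's threshold.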

How to Prevent and Protect your DrayTek Router from Attacks

We recommend the following to anyone who feels their DrayTek router is vulnerable or has been affected by the attacks.

– Make sure the latest firmware updates have been deployed onto the device. To see the latest updates, you can visit the DrayTek website.

– Within the management interface of the device, make sure that port mirroring, authorised VPN access, DNS settings and any other relevant settings haven’t been tampered with or changed.

– Do not expose the management interface to the internet unless fully required. If you do, make sure 2FA and IP restriction have been enabled to minimise the risk of any attacks.

– Change the passwords of any devices that have been affected by attacks.

You can find more information about the new DrayTek Critical Vulnerability here.
