DrayTek.Devices.wlogin.PreLogin.Command.Injection
Description
This indicates an attack attempt to exploit a Command Injection vulnerability in DrayTek Vigor devices.
The vulnerability is due to insufficient sanitization of user-supplied input. A remote attacker may be able to exploit this, via a crafted HTTP request, to execute arbitrary commands within the context of the application.
Affected Products
Vigor3910 before 4.3.1.1
Vigor1000B before 4.3.1.1
Vigor2962 Series before 4.3.1.1
Vigor2927 Series before 4.4.0
Vigor2927 LTE Series before 4.4.0
Vigor2915 Series before 4.3.3.2
Vigor2952 / 2952P before 3.9.7.2
Vigor3220 Series before 3.9.7.2
Vigor2926 Series before 3.9.8.1
Vigor2926 LTE Series before 3.9.8.1
Vigor2862 Series before 3.9.8.1
Vigor2862 LTE Series before 3.9.8.1
Vigor2620 LTE Series before 3.9.8.1
VigorLTE 200n before 3.9.8.1
Vigor2133 Series before 3.9.6.4
Vigor2762 Series before 3.9.6.4
Vigor165 before 4.2.4
Vigor166 before 4.2.4
Vigor2135 Series before 4.4.2
Vigor2765 Series before 4.4.2
Vigor2766 Series before 4.4.2
Vigor2832 before 3.9.6
Vigor2865 Series before 4.4.0
Vigor2865 LTE Series before 4.4.0
Vigor2866 Series before 4.4.0
Vigor2866 LTE Series before 4.4.0
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.draytek.com/about/security-advisory/draytek-router-unauthenticated-remote-code-execution-vulnerability-(cve-2022-32548)/
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2024-07-23 | 28.831 | Modified | Name:DrayTek.Routers.wlogin.PreLogin.Command.Injection:DrayTek.Devices.wlogin.PreLogin.Command.Injection |
| 2024-05-28 | 27.794 | Modified | Name:DrayTek.Wlogin.CGI.PreLogin.Command.Injection:DrayTek.Routers.wlogin.PreLogin.Command.Injection |
| 2022-08-24 | 21.380 | Modified | Default_action:pass:drop |
| 2022-08-15 | 21.373 | New | |