Trellix uncovers vulnerability in DrayTek routers

The Trellix Threat Labs Vulnerability Research team has released research detailing an unauthenticated remote code execution vulnerability, filed under CVE-2022-32548, affecting multiple routers from DrayTek, a Taiwanese company that manufactures Small Office and Home Office (SOHO) routers.

The attack can be performed without user interaction if the management interface of the device has been configured to be internet facing. A one-click attack can also be performed from within the LAN in the default device configuration. The attack can lead to a full compromise of the device and may lead to a network breach and unauthorized access to internal resources. Patched firmware for all the affected models is available for download on the vendor’s website.

“With many businesses implementing work from home policies over the last two years, these affordable devices offer an easy way for Small and Medium Sized Businesses (SMBs) to provide VPN access to their employees. For this reason, we decided to look into the security of one of their flagship products, the Vigor 3910. We uncovered over 200k devices which have the vulnerable service currently exposed on the internet and would require no user interaction to be exploited,” said Philippe Laulheret, Senior Security Researcher at Trellix.

The compromise of a network appliance such as the Vigor 3910 can lead to a host of undesirable outcomes, including: leak of sensitive data stored on the router; access to internal resources located on the LAN that would normally require VPN access or a presence “on the same network”; man-in-the-middle attacks on the network traffic; spying on DNS requests and other unencrypted traffic directed to the internet from the LAN through the router; packet capture of the data going through any port of the router; or botnet activity. Furthermore, failed exploitation attempts can lead to a reboot of the device, denial of service of affected devices and other possible abnormal behavior.

For those organizations that use DrayTek routers, Trellix recommends:

  • Make sure the latest firmware is deployed to the device. The latest firmware can be found on the website of the manufacturer.
  • In the management interface of the device, verify that port mirroring, DNS settings, authorized VPN access and any other relevant settings have not been tampered with.
  • Do not expose the management interface to the Internet unless absolutely required. If you do, make sure you enable 2FA and IP restriction to minimize the risk of an attack.
  • Change the password of affected devices and revoke any secret stored on the router that may have been leaked.

“Edge devices, such as the Vigor 3910 router, live on the boundary between internal and external networks. As such they are a prime target for cybercriminals and threat actors alike. Remotely breaching edge devices can lead to a full compromise of the businesses’ internal network. This is why it is critical to ensure these devices remain secure and updated and that vendors producing edge devices have processes in place for quick and efficient response following vulnerability disclosure, just as DrayTek did,” added Laulheret. “We applaud the great responsiveness and the release of a patch less than 30 days after we disclosed the vulnerability to their security team. This type of responsiveness and relationship shows true organization maturity and drive to improve security across the entire industry.”

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.
