DrayTek Routers Vulnerable to Complete Takeover


by Artie Kaye

Affecting over 200,000 devices, this vulnerability is caused by a logic bug in the login system that can allow an attacker to bypass all security and gain full control over the device. The affected routers are typically deployed in small to medium businesses for VPN access. There are 29 router models affected, and a patch for the problem has been released. Update your devices as soon as you can.

The flaw is listed as CVE-2022-32548.

https://www.itpro.co.uk/security/368725/over-200000-draytek-routers-vulnerable-to-total-device-takeover

https://www.darkreading.com/endpoint/critical-rce-bug-draytek-routers-smbs-zero-click-attacks