Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-32548 PoC — DrayTek Vigor routers 安全漏洞

Source
https://github.com/MosaedH/CVE-2022-32548-RCE-POC
Associated Vulnerability
Title:DrayTek Vigor routers 安全漏洞 (CVE-2022-32548)
Description:DrayTek Vigor routers是台湾居易科技(DrayTek)公司的一系列路由器。 DrayTek Vigor routers 存在安全漏洞,该漏洞源于其/cgi-bin/wlogin.cgi组件存在缓冲区溢出导致攻击者可以通过用户名或密码到aa或ab字段。以下版本受到影响:2022年7月之前的版本,例如Vigor3910固件4.3.1.1之前的版本。
Readme
# CVE-2022-32548-RCE-POC
DrayTek unauthenticated remote code execution vulnerability (CVE-2022-32548) in /cgi-bin/wlogin.cgi via username field

# Technical details

The web management interface of the vulnerable DrayTek devices is affected by a buffer overflow on the login page at /cgi-bin/wlogin.cgi. An attacker may supply carefully crafted username and/or password as base64 encoded strings inside the fields aa and ab of the login page

# details:
full chained Unauthenticated RCE written in python with multi targets (list of ips) capability and threading (for faster checking huge list of ips), the script save the result in separate file (vulns.txt) for feature use.
this upload comes with huge list of servers from shodan.



# dorks:
shodan (src: <a href="https://www.shodan.io/search/facet?query=ssl%3A%22DrayTek%22&facet=country" target="_blank" datalink-type="external" datalink-id="newco:www.shodan.io:search:facet?query=ssl%3a%22draytek%22&facet=country">Shodan</a>)

![Alt text](/shodan.jpg "shodan Dork")


# Vulnerable devices

# The vulnerable devices are as follow:

* Vigor3910 < 4.3.1.1
* Vigor1000B < 4.3.1.1
* Vigor2962 Series < 4.3.1.1
* Vigor2927 Series < 4.4.0
* Vigor2927 LTE Series < 4.4.0
* Vigor2915 Series < 4.3.3.2
* Vigor2952 / 2952P < 3.9.7.2
* Vigor3220 Series < 3.9.7.2
* Vigor2926 Series < 3.9.8.1
* Vigor2926 LTE Series < 3.9.8.1
* Vigor2862 Series < 3.9.8.1
* Vigor2862 LTE Series < 3.9.8.1
* Vigor2620 LTE Series < 3.9.8.1
* VigorLTE 200n < 3.9.8.1
* Vigor2133 Series < 3.9.6.4
* Vigor2762 Series < 3.9.6.4
* Vigor165 < 4.2.4
* Vigor166 < 4.2.4
* Vigor2135 Series < 4.4.2
* Vigor2765 Series < 4.4.2
* Vigor2766 Series < 4.4.2
* Vigor2832 < 3.9.6
* Vigor2865 Series < 4.4.0
* Vigor2865 LTE Series < 4.4.0
* Vigor2866 Series < 4.4.0
* Vigor2866 LTE Series < 4.4.0

[![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Frftg1000%2FCVE-2022-32548-RCE-POC&count_bg=%2379C83D&title_bg=%23555555&icon=&icon_color=%23E7E7E7&title=vigor&edge_flat=false)](https://hits.seeyoufarm.com)
File Snapshot

 [4.0K]  /data/pocs/8e0ccae973555c25255f233568262b595ee4cc1f
├── [  80]  CVE-2022-32548-mass.py
├── [2.0K]  README.md
└── [ 51K]  shodan.jpg

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.