Advisories

Our advisories highlight current cyber security threats and vulnerabilities in New Zealand, and provide guidance on how to mitigate their impact.

Subscribe to our updates above to be notified as soon as we publish an advisory.

1:40pm, 5 August 2022

TLP Rating: White

DrayTek Router RCE vulnerability

CERT NZ is aware of a possible exploit that is affecting some DrayTek routers.

Attacks can be performed without user interaction if the management interface of the device has been configured to be internet facing. Exploitation of this vulnerability can lead to a full compromise of the device and may lead to a network breach and unauthorized access to internal resources.

CERT NZ is not currently aware of active exploitation of this vulnerability. However, we strongly recommend you investigate and patch any DrayTek devices on your network as soon as possible to prevent them from being compromised.

What's happening

Systems affected

DrayTek routers that have interface management that is internet facing.

Devices where the affected service is not exposed externally are still vulnerable to a one-click attack from the local area network (LAN).

A full list of vulnerable devices can be found here:

DrayTek Router unauthenticated remote code execution vulnerability (CVE-2022-32548) | DrayTek External Link

What this means

All affected devices need to be updated with recommended mitigations to prevent the device from being compromised.

What to look for

How to tell if you're at risk

If you are using a DrayTek router, you may be at risk of being compromised.

This is a device that may be used in small businesses, home and remote working setups.

What to do

Mitigation

Ensure any DrayTek devices are patched to the latest version.

As there are no other ways to prevent the vulnerability, if you cannot patch these devices, you should consider disconnecting them or turning them off.

Patch documentation and files for DrayTek can be found here:

Latest Firmwares | DrayTek External Link

Update the device using the vendor’s recommended practices.

These practices can be found here: Upgrading Router Firmware using the Web Interface (draytek.co.uk) External Link

More information

Full details about this vulnerability can be found here:

DrayTek Router unauthenticated remote code execution vulnerability (CVE-2022-32548) | DrayTek External Link

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ External Link