Critical RCE Bug Could Let Hackers Remotely Take Over DrayTek Vigor Routers

04-Aug-22

Up to 29 different DrayTek router models have been found to be vulnerable to a brand-new critical, unauthenticated remote code execution flaw that, if exploited, could result in the complete compromise of the devices and unauthorised access to the larger network.

The main cause of the problem is a buffer overflow in the web administration interface ("/cgi-bin/wlogin.cgi"), which a hostile actor might exploit by providing carefully crafted input. Read More…