CVE-2022-32548

CRITICAL

DrayTek Vigor Routers - Buffer Overflow via wlogin.cgi Username/Password

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-32548. PoCs published by MosaedH.

AI-analyzed exploit summary The repository claims to provide a Python-based RCE exploit for CVE-2022-32548 but only contains a placeholder script redirecting to an external payment link. The README lacks technical details and instead focuses on marketing language and external downloads.

Description

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.

Exploits (1)

nomisec SUSPICIOUS 8 stars
by MosaedH · poc
https://github.com/MosaedH/CVE-2022-32548-RCE-POC

The repository claims to provide a Python-based RCE exploit for CVE-2022-32548 but only contains a placeholder script redirecting to an external payment link. The README lacks technical details and instead focuses on marketing language and external downloads.

Classification
Suspicious 95%
Attack Type
Rce
Complexity
Theoretical
Reliability
Theoretical
Target: DrayTek Vigor devices (multiple models)
No auth needed
Prerequisites: None specified
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 10.0
EPSS 0.6557
EPSS Percentile 98.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-120
Status published
Products (50)
draytek/vigor1000b_firmware < 4.3.1.1
draytek/vigor165_firmware < 4.2.4
draytek/vigor166_firmware < 4.2.4
draytek/vigor2133_firmware < 3.9.6.4
draytek/vigor2133ac_firmware < 3.9.6.4
draytek/vigor2133fvac_firmware < 3.9.6.4
draytek/vigor2133n_firmware < 3.9.6.4
draytek/vigor2133vac_firmware < 3.9.6.4
draytek/vigor2135_firmware < 4.4.2
draytek/vigor2135ac_firmware < 4.4.2
... and 40 more
Published Aug 29, 2022
Tracked Since Feb 18, 2026