DrayTek Vigor Routers Remote Code Execution Vulnerability via Uninitialized Variable

Vulnerability

A remote code execution vulnerability has been identified in Vigor Routers running DrayOS. The issue arises from an uninitialized variable in the component that processes HTTP CGI request arguments, which can lead to memory corruption. The vulnerability can be exploited by sending crafted HTTP or HTTPS requests to the device's Web User Interface (WebUI). Routers are protected from WAN-based attacks if remote access to the WebUI and SSL VPN services is disabled, or if Access Control Lists (ACLs) are properly configured. An attacker with access to the local network could still exploit this vulnerability via the WebUI.

Impact

Exploitation of this vulnerability can cause memory corruption and a system crash, and could potentially allow remote code execution on the affected device.

Remediation

Users are advised to upgrade the router's firmware to the latest version specified for their model. The recommended firmware versions vary by model, with some requiring versions as recent as 4.5.1 or later. For a complete list of affected models and their corresponding firmware update requirements, please refer to the official DrayTek security advisory.

Added: Oct 3, 2025, 12:50 PM
Updated: Oct 3, 2025, 4:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 4.9
remediation: 7.7
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.