- DrayTek patches CVE-2025-10547, a firmware flaw enabling crashes or remote code execution
- Vulnerability affects routers with exposed WebUI or misconfigured ACLs; local access also exploitable
- Vigor routers are common in SMBs, making them attractive targets for persistent cyberattacks
Network gear manufacturer DrayTek has patched a dangerous vulnerability found in dozens of Vigor business router models, and is urging users to apply the fix as soon as possible.
In a security advisory, DrayTek said it discovered an “uninitialized variables in the firmware” vulnerability in DrayOS (the OS powering Vigor routers) which, if exploited, could result in memory corruption or system crashes. There is also “potential in certain circumstances” to use the bug for remote code execution, as well.
The bug is tracked as CVE-2025-10547 and is yet to be assigned a severity score.
List of affected Vigor routers
Threat actors can abuse it by sending custom-crafted HTTP or HTTPS requests to the devices Web User Interface (WebUI).
DrayTek says the bug only affects routers that have remote access to the WebUI and SSL VPN services enabled, as well as those whose Access Control Lists (ACLs) are misconfigured.
“Nevertheless, an attacker with access to the local network could still exploit the vulnerability via the WebUI,” the advisory explains. “Local access to the WebUI can be controlled on some models using LAN side VLANs and ACLs. To ensure full protection, we strongly recommend upgrading the firmware to the minimum version specified below.”
The entire list of affected routers is quite extensive, and it can be found on this link.
At press time, there was no information about the bug being exploited in the wild, so we don’t know of any potential targets, or victims, however, Vigor models are very common in prosumer and small and medium-sized business (SMB) environments.
Router vulnerabilities are a common target in cyberattacks since they can serve as entry points for lateral movement, data exfiltration, or botnet recruitment, especially since SMBs rarely have robust monitoring or incident response capabilities. Attackers also favor them for persistence, as routers often go unnoticed during security audits.
Via BleepingComputer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
