- Draytek Patches CVE-2025-10547, a firmware flaw allowing accidents or a remote code execution
- Vulnerability affects routers with exposed webui or erroneous ACLs; Local access also used
- The vigor routers are common in SMEs, making it attractive targets for persistent cyber attacks
The manufacturer of Gear Network Draytek has corrected a dangerous vulnerability found in dozens of Vigor commercial router models, and urges users to apply the fix as soon as possible.
In a security notice, Draytek said that he had discovered a vulnerability of the “uninitialized variables in firmware” in Drayos (the operating system of vigor routers) which, if it is exploited, could lead to the corruption of memory or system collisions. It also exists “potential in certain circumstances” to also use the bug for the execution of remote code.
The bug is followed as CVE-2025-10547 and has not yet been attributed to a gravity score.
List of affected vigor routers
Threatening players can abuse it by sending HTTP or HTTPS requests made customized to the web user interface (webui).
Draytek says that the bug only affects routers that have remote access to activated webi and SSL VPN services, as well as those whose access control lists (ACL) are poorly configured.
“Nevertheless, an attacker with access to the local network could still use vulnerability via the Webui,” said the opinion. “Local access to webui can be controlled on certain models using VLANS and ACL LAN SIDE. To ensure complete protection, we strongly recommend the firmware upgrade to the minimum version specified below. ”
The whole list of affected routers is quite extensive, and it can be found on this link.
At the time of the press, there was no information on the bug exploited in the wild, so we do not know any potential targets or the victims, however, the models of vigor are very common in prosimation and small and medium -sized enterprises (SMB) environments.
Router vulnerabilities are a common target in cyber attacks, as they can serve as entry points for lateral movement, data exfiltration or Botnet recruitment, especially since SMEs rarely have monitoring or response capacities to robust incidents. The attackers also promote them for persistence, because routers often go unnoticed during safety audits.
Via Bleeping Compompute
Follow Techradar on Google News And Add us as a favorite source To get our news, criticisms and expert opinions in your flows. Be sure to click on the follow!
And of course, you can also Follow Techradar on Tiktok For news, criticism, unpacking in video form and obtain regular updates to us on Whatsapp Also.
