- DrayTek patches CVE-2025-10547, a firmware flaw that enables crashes or remote code execution
- The vulnerability affects routers with an exposed WebUI or poorly configured ACLs; it is also exploitable with local access
- Vigor routers are common in SMEs, which makes them attractive targets for persistent cyber attacks
Networking equipment manufacturer DrayTek has patched a dangerous vulnerability found in dozens of models of commercial Vigor routers, and is urging users to apply the fix as soon as possible.
In a security advisory, DrayTek said it discovered an “uninitialized variable in the firmware” vulnerability in DrayOS (the operating system that runs on Vigor routers) that, if exploited, could cause memory corruption or system crashes. There is also a “potential in certain circumstances” to use the bug for remote code execution.
The bug is tracked as CVE-2025-10547 and has not yet been assigned a severity score.
List of affected Vigor routers
Threat actors can abuse it by sending HTTP or HTTPS requests to the device's web user interface (WebUI).
DrayTek says the bug only affects routers that have remote access to the WebUI and SSL VPN services enabled, as well as those whose access control lists (ACLs) are poorly configured.
“However, an attacker with access to the local network could still exploit the vulnerability through the WebUI,” explains the advisory. “Local access to the WebUI can be controlled in some models using LAN and ACL. To guarantee complete protection, we recommend updating the firmware to the minimum version specified below.”
The complete list of affected routers is quite extensive, and can be found at this link.
At the time of publication, there were no reports of the bug being exploited in the wild, so no potential targets or victims are known. However, Vigor models are very common in business and small and medium-sized business (SMB) environments.
Router vulnerabilities are a common target in cyber attacks, since they can serve as entry points for lateral movement, data exfiltration or botnet recruitment, especially because SMBs rarely have solid monitoring or incident response capabilities. Attackers also favor them for persistence, since routers often go unnoticed during security audits.
Via BleepingComputer