
Networking hardware manufacturer DrayTek has issued an advisory warning of a security vulnerability in several Vigor router models that may allow unauthenticated remote attackers to execute arbitrary code.
The flaw, tracked as CVE-2025-10547, was reported to the vendor by ChapsVision security researcher Pierre-Yves Maes on 22 July.
“The vulnerability can be triggered when an unauthenticated remote attacker sends crafted HTTP or HTTPS requests to the Web User Interface (WebUI),” DrayTek’s security advisory reads.
“Successful exploitation can cause memory corruption and a system crash, potentially allowing remote code execution in some circumstances.”
DrayTek said that WAN exposure can be reduced by disabling remote WebUI/SSL VPN access or restricting it with ACLs/VLANs. However, the WebUI remains reachable from the LAN, leaving it exposed to local attackers.
Maes told BleepingComputer that the root cause of CVE-2025-10547 is an uninitialized stack value that can be leveraged to cause an arbitrary free(), which can in turn be used to obtain remote code execution (RCE).
The researcher confirmed his findings by developing an exploit and running it against DrayTek devices.
DrayTek’s security bulletin does not mention active exploitation, but applying the mitigations is recommended.
Below are the models affected by CVE-2025-10547 and the recommended firmware versions that fix the flaw:
- Vigor1000B, Vigor2962, Vigor3910/3912 → 4.4.3.6 or later (some models 4.4.5.1)
- Vigor2135, Vigor2763/2765/2766, Vigor2865/2866 series (incl. LTE & 5G), Vigor2927 series (incl. LTE & 5G) → 4.5.1 or later
- Vigor2915 series → 4.4.6.1 or later
- Vigor2862/2926 series (incl. LTE) → 3.9.9.12 or later
- Vigor2952/2952P, Vigor3220 → 3.9.8.8 or later
- Vigor2860/2925 series (incl. LTE) → 3.9.8.6 or later
- Vigor2133/2762/2832 series → 3.9.9.4 or later
- Vigor2620 series → 3.9.9.5 or later
- VigorLTE 200n → 3.9.9.3 or later
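To triage a device inventory against the fixed-version list above, here is an added Python example (not DrayTek's tooling or the researcher's code): it compares firmware strings numerically so that 3.9.9.12 sorts after 3.9.9.4, and flags the first group for manual confirmation because the advisory only says that "some models" there need 4.4.5.1. The model names and firmware versions in the sample inventory are constructed.

```python
import re

# Minimum fixed firmware per affected family, transcribed from the advisory
# summary above. Keys are normalized model prefixes (lowercase alphanumerics).
FIXED = {
    "vigor1000b": "4.4.3.6", "vigor2962": "4.4.3.6", "vigor3910": "4.4.3.6",
    "vigor3912": "4.4.3.6", "vigor2135": "4.5.1", "vigor2763": "4.5.1",
    "vigor2765": "4.5.1", "vigor2766": "4.5.1", "vigor2865": "4.5.1",
    "vigor2866": "4.5.1", "vigor2927": "4.5.1", "vigor2915": "4.4.6.1",
    "vigor2862": "3.9.9.12", "vigor2926": "3.9.9.12", "vigor2952": "3.9.8.8",
    "vigor3220": "3.9.8.8", "vigor2860": "3.9.8.6", "vigor2925": "3.9.8.6",
    "vigor2133": "3.9.9.4", "vigor2762": "3.9.9.4", "vigor2832": "3.9.9.4",
    "vigor2620": "3.9.9.5", "vigorlte200n": "3.9.9.3",
}
# The advisory says "some models" in the first group need 4.4.5.1 instead;
# versions between the two bounds are flagged for manual confirmation.
VERIFY_UPPER = dict.fromkeys(("vigor1000b", "vigor2962", "vigor3910", "vigor3912"), "4.4.5.1")

def parse_version(v):
    """'3.9.9.12' -> (3, 9, 9, 12). Keeps only the leading dotted integers so a
    build suffix such as '4.4.5.1_STD' does not break numeric comparison."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", v)
    if not m:
        raise ValueError(f"unparseable firmware version: {v!r}")
    return tuple(int(x) for x in m.group(1).split("."))

def family_of(model):
    """Map 'Vigor2862 LTE' or 'Vigor2952P' to a FIXED key by longest
    normalized prefix; None if the model is not in the advisory."""
    key = re.sub(r"[^a-z0-9]", "", model.lower())
    for fam in sorted(FIXED, key=len, reverse=True):
        if key.startswith(fam):
            return fam
    return None

def assess(model, version):
    """Return 'vulnerable', 'patched', 'verify' or 'not-listed' for one device."""
    fam = family_of(model)
    if fam is None:
        return "not-listed"
    have = parse_version(version)
    if have < parse_version(FIXED[fam]):
        return "vulnerable"
    if fam in VERIFY_UPPER and have < parse_version(VERIFY_UPPER[fam]):
        return "verify"
    return "patched"

# Constructed sample inventory (model, running firmware) to triage.
INVENTORY = [("Vigor2862 LTE", "3.9.9.11"), ("Vigor2927Lac", "4.5.1"),
             ("Vigor3910", "4.4.3.6"), ("VigorLTE 200n", "3.9.9.3_STD")]
def triage(inventory=INVENTORY):
    return [(m, v, assess(m, v)) for m, v in inventory]
```

A device reported as "not-listed" is outside the advisory's table, not necessarily safe; check it against the vendor's bulletin directly.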
DrayTek routers, especially Vigor models, are very common in prosumer and small and medium-sized business (SMB) environments. The list of affected models spans a broad range, from flagship models to older routers used in DSL/telecom environments.
System administrators are advised to apply the firmware security updates as soon as possible. Maes says he will disclose full technical details for CVE-2025-10547 tomorrow.


