Close Menu
    Check BMI
    Technology

    DrayTek warns of remote code execution bug in Vigor routers

    TechAiVerseBy No Comments3 Mins Read0 Views
    DrayTek warns of remote code execution bug in Vigor routers

    DrayTek warns of remote code execution bug in Vigor routers

    Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform arbitrary code.

    The flaw, tracked identified as CVE-2025-10547, was reported to the vendor on July 22 by ChapsVision security researcher Pierre-Yves Maes.

    “The vulnerability can be triggered when unauthenticated remote attackers send crafted HTTP or HTTPS requests to the device’s Web User Interface (WebUI),” reads DrayTek’s security advisory.

    “Successful exploitation may cause memory corruption and a system crash, with the potential in certain circumstances could allow remote code execution.”

    DrayTek noted that WAN exposure can be reduced by disabling remote WebUI/SSL VPN access or restricting it with ACLs/VLANs. However, the WebUI remains reachable over LAN, exposed to local attackers.

    Maes told BleepingComputer that the root cause for CVE-2025-10547 is an uninitialized stack value that can be leveraged to cause the free() function to operate on arbitrary memory locations, also known as arbitrary free(), to achieve remote code execution (RCE).

    The researcher successfully tested his findings by creating an exploit and running it on DrayTek devices.

    DrayTek’s security bulletin does not mention ongoing exploitation, but it is recommended to mitigate the risk.

    Below are the models impacted by CVE-2025-10547, and the recommended firmware version upgrade target to mitigate the flaw:

    • Vigor1000B, Vigor2962, Vigor3910/3912 → 4.4.3.6 or later (some models 4.4.5.1)
    • Vigor2135, Vigor2763/2765/2766, Vigor2865/2866 Series (incl. LTE & 5G), Vigor2927 Series (incl. LTE & 5G) → 4.5.1 or later
    • Vigor2915 Series → 4.4.6.1 or later
    • Vigor2862/2926 Series (incl. LTE) → 3.9.9.12 or later
    • Vigor2952/2952P, Vigor3220 → 3.9.8.8 or later
    • Vigor2860/2925 Series (incl. LTE) → 3.9.8.6 or later
    • Vigor2133/2762/2832 Series → 3.9.9.4 or later
    • Vigor2620 Series → 3.9.9.5 or later
    • VigorLTE 200n → 3.9.9.3 or later

    DrayTek routers, especially Vigor models, are very common in prosumer and small to medium business (SMB) environments. The list of impacted models covers a broad range, from flagship models to older routers used in DLS/telecom environments.

    System administrators are recommended to apply the available firmware security updates as soon as possible. Maes says he will disclose the full technical details for CVE-2025-10547 tomorrow.

    The Security Validation Event of the Year: The Picus BAS Summit

    Join the Breach and Attack Simulation Summit and experience the future of security validation. Hear from top experts and see how AI-powered BAS is transforming breach and attack simulation.

    Don’t miss the event that will shape the future of your security strategy

    Share.

    Jonathan is a tech enthusiast and the mind behind Tech AI Verse. With a passion for artificial intelligence, consumer tech, and emerging innovations, he deliver clear, insightful content to keep readers informed. From cutting-edge gadgets to AI advancements and cryptocurrency trends, Jonathan breaks down complex topics to make technology accessible to all.

    Related Posts

    Leave A Reply