News

DrayTek patches an RCE vulnerability in its routers

HackMag680

DrayTek, a networking equipment manufacturer, has issued an advisory about a vulnerability that affects several Vigor router models. The flaw allows remote, unauthenticated attackers to execute arbitrary code.

The vulnerability has been assigned the identifier CVE-2025-10547 and was discovered in the summer of this year by ChapsVision information security researcher Pierre-Yves Maes.

“The vulnerability is triggered when unauthenticated remote attackers send specially crafted HTTP or HTTPS requests to the device’s web interface,” the DrayTek security bulletin says. “Successful exploitation can lead to memory corruption and system crashes and, under certain circumstances, potentially allow remote code execution.”

DrayTek notes that exposure to WAN-side attacks can be reduced by disabling remote access to the web interface and SSL VPN (restricting it with ACLs and VLANs). However, the web interface remains accessible via the LAN, which exposes it to potential local attackers.

As Maes told Bleeping Computer, the root cause of CVE-2025-10547 lies in an uninitialized stack value that can be exploited to force the free() function to operate on arbitrary memory regions (arbitrary free), ultimately achieving remote code execution.

The researcher notes that he successfully tested the bug by creating a PoC exploit and running it on a vulnerable device. He promises to disclose all the technical details of CVE-2025-10547 later this week.

The devices listed below are vulnerable to CVE-2025-10547; it is recommended to update them to the specified firmware versions, where the issue has already been fixed.

  • Vigor1000B, Vigor2962, Vigor3910/3912 -> 4.4.3.6 or newer (4.4.5.1 for some models);
  • Vigor2135, Vigor2763/2765/2766, Vigor2865/2866 Series (including LTE and 5G), Vigor2927 Series (including LTE and 5G) -> 4.5.1 or newer;
  • Vigor2915 Series -> 4.4.6.1 or newer;
  • Vigor2862/2926 Series (including LTE) -> 3.9.9.12 or newer;
  • Vigor2952/2952P, Vigor3220 -> 3.9.8.8 or newer;
  • Vigor2860/2925 Series (including LTE) -> 3.9.8.6 or newer;
  • Vigor2133/2762/2832 Series -> 3.9.9.4 or newer;
  • Vigor2620 Series -> 3.9.9.5 or newer;
  • VigorLTE 200n -> 3.9.9.3 or newer.
it? Share:
14.02.2025 —
12,000 Kerio Control firewalls remain vulnerable to RCE
23.02.2025 —
New JavaScript obfuscation technique uses invisible Unicode characters
23.01.2025 —
Fake Telegram CAPTCHA forces users to run malicious PowerShell scripts
27.01.2025 —
Zyxel firewalls reboot due to flawed update
24.03.2025 —
Alexa to stop processing data locally. All voice requests will be sent to Amazon Cloud
26.03.2025 —
Cloudflare to block all unencrypted traffic to its APIs
20.02.2025 —
Newly-discovered vulnerabilities in OpenSSH open the door to MiTM and DoS attacks
07.04.2025 —
Critical RCE vulnerability discovered in Apache Parquet
24.01.2025 —
Hundreds of websites impersonating Reddit and WeTransfer spread Lumma Stealer
28.02.2025 —
Qualcomm extends support for Android devices to 8 years
19.04.2023 —
Kung fu enumeration. Data collection in attacked systems
26.03.2023 —
Poisonous spuds. Privilege escalation in AD with RemotePotato0
13.01.2022 —
Bug in Laravel. Disassembling an exploit that allows RCE in a popular PHP framework
13.01.2022 —
Step by Step. Automating multistep attacks in Burp Suite
04.04.2023 —
Serpent pyramid. Run malware from the EDR blind spots!
03.03.2023 —
Nightmare Spoofing. Evil Twin attack over dynamic routing
01.06.2022 —
Routing nightmare. How to pentest OSPF and EIGRP dynamic routing protocols
03.03.2023 —
Infiltration and exfiltration. Data transmission techniques used in pentesting
21.02.2023 —
Pivoting District: GRE Pivoting over network equipment
20.04.2023 —
Sad Guard. Identifying and exploiting vulnerability in AdGuard driver for Windows