DrayTek Issues Urgent Security Advisory for Certain Router Models

DrayTek has announced a security vulnerability affecting several of their router models. Discovered on July 22, the flaw, identified as CVE-2025-10547, involves an uninitialized variable in the firmware that could be exploited by malicious actors to cause system crashes or, in some cases, enable remote code execution.

The issue occurs when crafted HTTP or HTTPS requests are sent to the device’s Web User Interface (WebUI). Most routers are protected from external attacks if remote WebUI access and SSL VPN features are disabled or secured through proper access controls, but an affected device could still be vulnerable to anyone who can reach its WebUI from the local network.

If your router is affected, an attacker with access to your local network might exploit this vulnerability to take control of your device. To stay protected, DrayTek strongly recommends updating your firmware to the latest supported version. Firmware updates are available for many models, including popular series like Vigor 1000B, 2000, 2860, 2920, and others.

Regularly updating your router’s firmware is essential in defending against emerging security threats, preventing potential exploits and keeping your network safe.

If you’re unsure whether your device is affected or need assistance with updates, visit the full security advisory here.

