Remote Code Execution Vulnerability in Vigor Routers by Draytek
CVE-2025-10547

Currently unrated

Key Information:

Vendor: Draytek Corporation
Status: Vigor1000b; Vigor2962; Vigor3910; Vigor3912
Vendor: CVE Published:; 3 October 2025

🔔 Create Draytek Corporation Vulnerability Alert

Badges

📰 News Worthy

What is CVE-2025-10547?

An uninitialized variable flaw in the HTTP CGI request processing of Vigor Routers can enable attackers to exploit memory corruption, potentially leading to remote code execution on affected devices. This vulnerability highlights the importance of robust input validation and memory management practices in network hardware.

Affected Version(s)

Vigor 2927 LTE 4.5.1

Vigor1000B 4.4.5.1

Vigor2135 4.5.1

News Articles

BleepingComputer

CVE-2025-10547

DrayTek warns of remote code execution bug in Vigor routers

Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform arbitrary code.

22 hours ago

References

https://www.draytek.com/about/security-advisory/use-of-un...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2025
📰
First article discovered by BleepingComputer
Oct 2, 2025
Vulnerability Reserved
Sep 16, 2025

JSON