Remote Code Execution Vulnerability in Vigor Routers by Draytek
CVE-2025-10547

9.8CRITICAL

Key Information:

Vendor

Draytek Corporation

Status
Vigor1000b
Vigor2962
Vigor3910
Vigor3912
Vendor
CVE Published:
3 October 2025

Badges

đź“° News Worthy

What is CVE-2025-10547?

An uninitialized variable flaw in the HTTP CGI request processing of Vigor Routers can enable attackers to exploit memory corruption, potentially leading to remote code execution on affected devices. This vulnerability highlights the importance of robust input validation and memory management practices in network hardware.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Vigor 2927 LTE 0 < 4.5.1

Vigor1000B 0 < 4.4.5.1

Vigor2135 0 < 4.5.1

News Articles

favicon imageBleepingComputer

DrayTek warns of remote code execution bug in Vigor routers

Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform arbitrary code.

References

https://www.draytek.com/about/security-advisory/use-of-un...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • đź“°

    First article discovered by BleepingComputer

  • Vulnerability Reserved

JSON
.