DrayTek has released urgent patches for an unauthenticated remote code execution (RCE) vulnerability affecting its DrayOS routers. The flaw could allow attackers to execute arbitrary code or crash affected devices.
Vulnerability Details and Risk
The vulnerability, tracked as CVE-2025-10547, can be exploited by sending crafted HTTP or HTTPS requests to a vulnerable router's web user interface (WebUI).
DrayTek explained that successful exploitation of the bug may result in memory corruption and a system crash. In some circumstances, this could lead to remote code execution (RCE), allowing an attacker to take control of the device.
While routers are generally shielded from external (WAN-based) attacks if remote access to the WebUI or SSL VPN is disabled, the company noted that an attacker who has gained access to the local network can still exploit the vulnerability via the WebUI. DrayTek devices are widely used by small to medium-sized businesses (SMBs) and are frequently targeted by hackers.
Patch and Recommendations
DrayTek has released firmware updates to address the security flaw in 35 Vigor router models.
The company is strongly urging all users to update their devices as soon as possible. The vulnerability was reported by ChapsVision security researcher Pierre-Yves Maes on July 22, and there is currently no mention of the bug being actively exploited in the wild.
This fix follows a history of attacks targeting DrayTek devices, including a ransomware campaign last year that hit hundreds of organizations by exploiting an unknown flaw in Vigor routers.