A serious unauthenticated remote code execution (RCE) flaw, identified as CVE-2025-10547, has been uncovered in DrayTek’s DrayOS routers. This vulnerability allows attackers to send crafted HTTP or HTTPS requests to the router’s web management interface, potentially leading to memory corruption, system crashes, or full device takeover.
The flaw affects 35 models of DrayTek’s Vigor routers, devices widely deployed by small-to-medium businesses (SMBs) and home professionals. While disabling remote access and using properly configured Access Control Lists (ACLs) can protect against WAN-based attacks, the issue remains exploitable from within local networks—a serious risk for any organization lacking strong internal segmentation.
Discovered by Pierre-Yves Maes of ChapsVision, the vulnerability highlights how edge devices continue to be high-value targets for cybercriminals. DrayTek has released firmware updates to fix the flaw and urges users to apply patches immediately. Experts warn that historical targeting of DrayTek routers by ransomware operators could make this vulnerability a prime candidate for future weaponization if left unpatched.
The key takeaway: update now, tighten access controls, and review network segmentation policies to keep your infrastructure safe.
#DrayTek #CVE202510547 #cybersecurity #RCE #networksecurity #infosec #routervulnerability #DrayOS #patchmanagement #SMBsecurity #firmwareupdate
