cognitive cybersecurity intelligence

DrayOS Routers Vulnerability Let Attackers Execute Malicious Code Remotely

A critical vulnerability has been discovered in DrayTek’s DrayOS routers, which could allow unauthenticated remote attackers to execute malicious code.

The flaw, tracked as CVE-2025-10547, affects a wide range of Vigor router models, prompting administrators to apply security updates urgently.

The vulnerability, detailed in security advisory DSA-2025-005 released on October 2, 2025, is classified as a “Use of Uninitialized Variable” weakness.

It can be triggered when an attacker sends specially crafted HTTP or HTTPS requests to the device’s Web User Interface (WebUI). A successful exploit can cause memory corruption, leading to a system crash.

More critically, under certain conditions, this memory corruption could be leveraged by an attacker to achieve remote code execution (RCE) on the compromised device.

Since the attack vector is the WebUI, any router with this interface exposed to the internet is at high risk. The vulnerability was initially identified on July 22, and its public disclosure highlights the potential for widespread impact given the popularity of DrayTek routers in business environments.

DrayTek has outlined several mitigation strategies to protect against this threat. The most immediate defense against external attacks is to disable remote access to the WebUI and SSL VPN services from the WAN.

Properly configured Access Control Lists (ACLs) can also serve as a barrier to prevent unauthorized access from the internet.

However, these measures do not offer complete protection, as an attacker who has already gained access to the local network can still exploit the vulnerability through the LAN-side WebUI.

For some models, it is possible to further segment local access using VLANs and additional ACLs. Despite these temporary fixes, DrayTek strongly emphasizes that the only way to fully resolve the vulnerability and ensure complete protection is to upgrade the device firmware to the recommended patched version.

Affected Products and Mitigations

The vulnerability impacts an extensive list of DrayTek’s Vigor router series. Affected models include the Vigor1000B, Vigor2962, Vigor3910, Vigor3912, Vigor2135, and various models within the Vigor276x, Vigor286x, Vigor291x, Vigor292x, and Vigor295x series, among many others.

DrayTek has released specific firmware updates for each affected product line. For example, Vigor2962 users should upgrade to version 4.4.3.6 or 4.4.5.1, while Vigor2865 Series users need to install version 4.5.1 or later.

The company extended its appreciation to Pierre-Yves MAES from ChapsVision for responsibly disclosing the vulnerability.

All users of affected DrayTek products are urged to consult the official advisory for a complete list of models and their corresponding minimum firmware versions to apply the necessary patches immediately.
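A firmware audit along these lines, as an added example that is not from DrayTek or the original article: it checks a router inventory against the two minimum versions quoted above and ranks unpatched devices with WAN-exposed management first. The inventory, its field names, the `_STD` build suffix, and the reading of "4.4.3.6 or 4.4.5.1" as one fixed build per firmware branch are assumptions; floors for every other model must come from the advisory.

```python
from typing import NamedTuple, Optional

# (branch_prefix, minimum_fixed_version); () matches any branch.
# Only the two floors quoted in the article are listed; take the rest from DSA-2025-005.
FLOORS = {
    "Vigor2962": [((4, 4, 3), (4, 4, 3, 6)), ((), (4, 4, 5, 1))],
    "Vigor2865": [((), (4, 5, 1, 0))],
}

class Device(NamedTuple):
    name: str
    model: str
    firmware: str
    wan_webui: bool  # WebUI or SSL VPN reachable from the WAN

def parse_version(text: str) -> tuple:
    """'4.4.3.6_STD' -> (4, 4, 3, 6); build suffixes dropped, padded to 4 parts."""
    parts = [int(p) for p in text.strip().split("_")[0].split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def is_patched(model: str, firmware: str) -> Optional[bool]:
    floors = FLOORS.get(model)
    if floors is None:
        return None  # model not in our table: check the advisory by hand
    v = parse_version(firmware)
    return any(v[:len(prefix)] == prefix and v >= floor for prefix, floor in floors)

def triage(devices):
    """Return (name, status) pairs, most urgent first."""
    order = ["unpatched+wan", "unpatched", "unknown", "patched"]
    rows = []
    for d in devices:
        ok = is_patched(d.model, d.firmware)
        if ok is None:
            status = "unknown"
        elif ok:
            status = "patched"
        else:
            # LAN-only devices stay on the list: the flaw is reachable from the LAN too.
            status = "unpatched+wan" if d.wan_webui else "unpatched"
        rows.append((d.name, status))
    return sorted(rows, key=lambda r: order.index(r[1]))

# Constructed inventory for illustration.
INVENTORY = [
    Device("branch-a", "Vigor2962", "4.4.3.5", False),
    Device("hq-edge", "Vigor2865", "4.5.0_STD", True),
    Device("branch-b", "Vigor2962", "4.4.5.1", True),
    Device("lab", "Vigor3910", "4.4.3.2", False),
]
```

A Vigor2962 build between the two fixed branches (for example 4.4.4.0) is reported as unpatched under this reading, which errs toward upgrading.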

The post DrayOS Routers Vulnerability Let Attackers Execute Malicious Code Remotely appeared first on Cyber Security News.

Source: cybersecuritynews.com
