By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Viral Trending contentViral Trending content
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
Reading: DrayTek warns of remote code execution bug in Vigor routers
Notification Show More
Viral Trending contentViral Trending content
  • Home
  • Categories
    • World News
    • Politics
    • Sports
    • Celebrity
    • Business
    • Crypto
    • Tech News
    • Gaming News
    • Travel
  • Bookmarks
© 2024 All Rights reserved | Powered by Viraltrendingcontent
Viral Trending content > Blog > Tech News > DrayTek warns of remote code execution bug in Vigor routers
Tech News

DrayTek warns of remote code execution bug in Vigor routers

By admin 3 Min Read
Share
SHARE

Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform arbitrary code.

The flaw, tracked identified as CVE-2025-10547, was reported to the vendor on July 22 by ChapsVision security researcher Pierre-Yves Maes.

“The vulnerability can be triggered when unauthenticated remote attackers send crafted HTTP or HTTPS requests to the device’s Web User Interface (WebUI),” reads DrayTek’s security advisory.

“Successful exploitation may cause memory corruption and a system crash, with the potential in certain circumstances could allow remote code execution.”

DrayTek noted that WAN exposure can be reduced by disabling remote WebUI/SSL VPN access or restricting it with ACLs/VLANs. However, the WebUI remains reachable over LAN, exposed to local attackers.

Maes told BleepingComputer that the root cause for CVE-2025-10547 is an uninitialized stack value that can be leveraged to cause the free() function to operate on arbitrary memory locations, also known as arbitrary free(), to achieve remote code execution (RCE).

The researcher successfully tested his findings by creating an exploit and running it on DrayTek devices.

DrayTek’s security bulletin does not mention ongoing exploitation, but it is recommended to mitigate the risk.

Below are the models impacted by CVE-2025-10547, and the recommended firmware version upgrade target to mitigate the flaw:

  • Vigor1000B, Vigor2962, Vigor3910/3912 → 4.4.3.6 or later (some models 4.4.5.1)
  • Vigor2135, Vigor2763/2765/2766, Vigor2865/2866 Series (incl. LTE & 5G), Vigor2927 Series (incl. LTE & 5G) → 4.5.1 or later
  • Vigor2915 Series → 4.4.6.1 or later
  • Vigor2862/2926 Series (incl. LTE) → 3.9.9.12 or later
  • Vigor2952/2952P, Vigor3220 → 3.9.8.8 or later
  • Vigor2860/2925 Series (incl. LTE) → 3.9.8.6 or later
  • Vigor2133/2762/2832 Series → 3.9.9.4 or later
  • Vigor2620 Series → 3.9.9.5 or later
  • VigorLTE 200n → 3.9.9.3 or later

DrayTek routers, especially Vigor models, are very common in prosumer and small to medium business (SMB) environments. The list of impacted models covers a broad range, from flagship models to older routers used in DLS/telecom environments.

System administrators are recommended to apply the available firmware security updates as soon as possible. Maes says he will disclose the full technical details for CVE-2025-10547 tomorrow.

Picus BAS Summit

Join the Breach and Attack Simulation Summit and experience the future of security validation. Hear from top experts and see how AI-powered BAS is transforming breach and attack simulation.

Don’t miss the event that will shape the future of your security strategy

You Might Also Like

Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack

Girls in Single-Sex Schools Face Major STEM Access Gap

The ‘Surge’ of Troops May Not Come to San Francisco, but the City Is Ready Anyway

Dublin aquatech PT Aqua named BIM Business of the Year 2025

The Truth About the Meta Display Glasses

TAGGED: DrayTek, RCE, Remote Code Execution, Router, Vulnerability
Share This Article
Facebook Twitter Copy Link
Previous Article Jets’ Braelon Allen suffered a knee injury in Week 4 and is being placed on IR
Next Article How AI Agents Are Transforming Coding with Autonomy & Efficiency
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

- Advertisement -
Ad image

Latest News

Fallout 76: Burning Springs Update is Out on December 2, PS5, Xbox Series X/S Versions Set For 2026
Gaming News
Paytm and Vedanta emerge as top buys amid sectoral rotation and profit booking: CA Rudramurthy BV
Business
Bitcoin’s institutional surge widens trillion-dollar gap with altcoins
Crypto
Best Presales Live News Today: Latest Updates on Early Crypto Projects with 10x Potential (October 24)
Crypto
Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack
Tech News
Girls in Single-Sex Schools Face Major STEM Access Gap
Tech News
European lawmakers call for end to EU support for all Libyan security forces
World News

About Us

Welcome to Viraltrendingcontent, your go-to source for the latest updates on world news, politics, sports, celebrity, tech, travel, gaming, crypto news, and business news. We are dedicated to providing you with accurate, timely, and engaging content from around the globe.

Quick Links

  • Home
  • World News
  • Politics
  • Celebrity
  • Business
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
  • Sports
  • Crypto
  • Tech News
  • Gaming News
  • Travel

Trending News

cageside seats

Unlocking the Ultimate WWE Experience: Cageside Seats News 2024

Fallout 76: Burning Springs Update is Out on December 2, PS5, Xbox Series X/S Versions Set For 2026

Investing £5 a day could help me build a second income of £329 a month!

cageside seats
Unlocking the Ultimate WWE Experience: Cageside Seats News 2024
May 22, 2024
Fallout 76: Burning Springs Update is Out on December 2, PS5, Xbox Series X/S Versions Set For 2026
October 24, 2025
Investing £5 a day could help me build a second income of £329 a month!
March 27, 2024
Brussels unveils plans for a European Degree but struggles to explain why
March 27, 2024
© 2024 All Rights reserved | Powered by Vraltrendingcontent
  • About Us
  • Contact US
  • Disclaimer
  • Privacy Policy
  • Terms of Service
Welcome Back!

Sign in to your account

Lost your password?