Unauthenticated RCE Flaw Patched in DrayTek Routers

Unauthenticated RCE Flaw Patched in DrayTek Routers

Posted on By CWS

DrayTek on Thursday introduced patches for an unauthenticated distant code execution (RCE) vulnerability affecting DrayOS routers.

Tracked as CVE-2025-10547, the difficulty could be exploited through crafted HTTP or HTTPS requests despatched to a susceptible gadget’s internet consumer interface.

Profitable exploitation of the bug, DrayTek explains in its advisory, might lead to reminiscence corruption and a system crash. In sure circumstances, it might be used to execute arbitrary code remotely, it says.

“Routers are shielded from WAN-based assaults if distant entry to the WebUI and SSL VPN providers is disabled, or if Entry Management Lists (ACLs) are correctly configured,” DrayTek notes.

“Nonetheless, an attacker with entry to the native community might nonetheless exploit the vulnerability through the WebUI. Native entry to the WebUI could be managed on some fashions utilizing LAN facet VLANs and ACLs,” the corporate provides.

The corporate credited ChapsVision safety researcher Pierre-Yves Maes for reporting the vulnerability on July 22.

DrayTek has launched firmware updates that deal with the safety defect in 35 Vigor router fashions, urging customers to replace their gadgets as quickly as potential. Nonetheless, it made no point out of the bug being exploited within the wild.

DrayTek gadgets are broadly utilized by prosumers and SMBs, and are recognized to be widespread targets for hackers. Ransomware teams final yr hit lots of of organizations by exploiting an unknown flaw in DrayTek routers.Commercial. Scroll to proceed studying.

Earlier this yr, widespread Vigor router reboots reported throughout the UK, Australia, and different nations had been blamed on probably malicious TCP connection makes an attempt concentrating on older fashions.

Associated: Organizations Warned of Exploited Meteobridge Vulnerability

Associated: Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability

Associated: Cisco Patches Zero-Day Flaw Affecting Routers and Switches

Associated: Vulnerabilities Expose Helmholz Industrial Routers to Hacking

Security Week News Tags:, , , , ,

Related Posts

Cyata Emerges From Stealth With .5 Million in Funding Cyata Emerges From Stealth With $8.5 Million in Funding Security Week News
Alumni, Student, and Staff Information Stolen From Harvard University Alumni, Student, and Staff Information Stolen From Harvard University Security Week News
Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases Security Week News
Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities Security Week News
Hunters International Shuts Down, Offers Free Decryptors as It Morphs Into World Leaks Hunters International Shuts Down, Offers Free Decryptors as It Morphs Into World Leaks Security Week News
CrowdStrike to Acquire Onum to Fuel Falcon Next-Gen SIEM With Real-Time Telemetry CrowdStrike to Acquire Onum to Fuel Falcon Next-Gen SIEM With Real-Time Telemetry Security Week News