CVE-2025-10547

Summary

An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.

Affected Software

VendorProductVersion RangeStatus
DrayTek CorporationVigor1000B0 < 4.4.5.1affected
DrayTek CorporationVigor29620 < 4.4.5.1affected
DrayTek CorporationVigor39100 < 4.4.3.6affected
DrayTek CorporationVigor39120 < 4.4.5.1affected
DrayTek CorporationVigor21350 < 4.5.1affected
DrayTek CorporationVigor27630 < 4.5.1affected
DrayTek CorporationVigor27650 < 4.5.1affected
DrayTek CorporationVigor27660 < 4.5.1affected
DrayTek CorporationVigor28650 < 4.5.1affected
DrayTek CorporationVigor2865 LTE Series0 < 4.5.1affected
DrayTek CorporationVigor2865L-5G Series0 < 4.5.1affected
DrayTek CorporationVigor28661.0 < 4.5.1affected
DrayTek CorporationVigor2866 LTE0 < 4.5.1affected
DrayTek CorporationVigor29270 < 4.5.1affected
DrayTek CorporationVigor 2927 LTE0 < 4.5.1affected
DrayTek CorporationVigor2927L-5G0 < 4.5.1affected
DrayTek CorporationVigor29150 < 4.4.6.1affected
DrayTek CorporationVigor28620 < 3.9.9.12affected
DrayTek CorporationVigor2862 LTE0 < 3.9.9.12affected
DrayTek CorporationVigor29260 < 3.9.9.12affected

Weaknesses

  • CWE-456: Missing Initialization of a Variable

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References