Summary Points
- DrayTek has released patches for CVE-2025-10547, a critical unauthenticated RCE flaw in DrayOS routers that can be exploited via crafted HTTP/HTTPS requests.
- Successful exploitation may cause memory corruption, system crashes, or remote code execution, posing significant security risks.
- The vulnerability can be exploited locally on the network even if remote access is disabled, though some access controls (VLANs, ACLs) can mitigate this.
- The company urges immediate firmware updates for 35 affected Vigor router models, noting no current reports of active exploitation but highlighting the severe threat to SMBs and prosumers.
What’s the Problem?
On Thursday, DrayTek announced critical security patches for a serious vulnerability in its DrayOS routers, tracked as CVE-2025-10547. The flaw allows unauthenticated remote code execution: an attacker could take control of a vulnerable router by sending specially crafted HTTP or HTTPS requests to the device’s web interface. The company notes that routers are generally protected from WAN-side attacks if remote access features are disabled or access controls are properly configured, but the vulnerability still poses a significant risk from anyone with local network access to the web interface, unless LAN VLANs or ACLs restrict that access. The issue was reported by security researcher Pierre-Yves Maes of ChapsVision. There is no evidence of active exploitation in the wild, but the widespread use of these routers by small businesses and tech enthusiasts makes them attractive targets. In past incidents, malicious actors exploited similar vulnerabilities in DrayTek devices to launch ransomware attacks and to cause disruptive reboots across several countries, which heightens the urgency for users to update their firmware and limit potential damage.
Potential Risks
DrayTek recently issued patches for a critical vulnerability (CVE-2025-10547) in its DrayOS routers. The flaw allows unauthenticated remote code execution through crafted HTTP or HTTPS requests and can lead to memory corruption, system crashes, and remote takeover of the device. Disabling remote WebUI access and configuring ACLs properly mitigates WAN-based exploitation, but an attacker on the local network who can reach the WebUI can still exploit the flaw. Because these devices are widely deployed by prosumers and SMBs, the risk is significant: in recent incidents, hijacked DrayTek routers facilitated ransomware attacks and widespread reboots. Prompt firmware updates are therefore essential, particularly in an environment where similar vulnerabilities are being actively targeted.
Possible Actions
Addressing the unauthenticated remote code execution (RCE) flaw promptly is vital to safeguard networks from potential exploitation, data breaches, and system compromise. Rapid remediation minimizes vulnerability windows, ensuring stability and security in organizational infrastructure.
Mitigation Strategies
- Update Firmware: Install the latest firmware patches provided by DrayTek promptly to close the RCE vulnerability.
- Disable Remote Management: Turn off remote management features unless absolutely necessary, reducing attack surface.
- Network Segmentation: Isolate routers within secure network zones to prevent lateral movement if exploited.
- Strong Authentication: Enforce robust password policies and, if available, enable multi-factor authentication for router admin access.
- Firewall Rules: Configure firewalls to restrict access to the router’s management interfaces from untrusted sources.
- Regular Monitoring: Continuously monitor network traffic and logs for unusual activity, such as management-interface access from unexpected sources, that may indicate attempted exploitation.
- Change Default Credentials: Replace default usernames and passwords to prevent unauthorized access.
- Security Audits: Conduct periodic security assessments to identify and address other vulnerabilities proactively.
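As an added example (not from DrayTek or this article), the following Python script applies the firewall-rule and monitoring advice above: it reads constructed connection-log lines in an assumed generic key=value format and flags any access to the router’s HTTP/HTTPS management ports from sources outside an assumed management-VLAN allowlist. The router addresses, ports and allowlist are assumptions for the example.

```python
import ipaddress
import re

# Constructed sample log lines in an assumed generic key=value layout (not
# DrayTek's actual log format); addresses are documentation/private ranges.
SAMPLE_LOG = """\
2025-10-02T09:14:01 conn src=192.168.10.25 dst=192.168.10.1 dport=443 proto=TCP iface=LAN
2025-10-02T09:14:07 conn src=203.0.113.77 dst=198.51.100.10 dport=443 proto=TCP iface=WAN
2025-10-02T09:15:30 conn src=192.168.30.8 dst=192.168.10.1 dport=80 proto=TCP iface=LAN
2025-10-02T09:16:02 conn src=192.168.10.40 dst=198.51.100.200 dport=443 proto=TCP iface=LAN
2025-10-02T09:17:45 conn src=203.0.113.77 dst=198.51.100.10 dport=22 proto=TCP iface=WAN
"""

ROUTER_ADDRESSES = {"192.168.10.1", "198.51.100.10"}  # router LAN and WAN addresses (assumed)
WEBUI_PORTS = {80, 443}                               # HTTP/HTTPS management interface
MANAGEMENT_ALLOWLIST = [ipaddress.ip_network("192.168.10.0/24")]  # management VLAN (assumed)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) conn src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\S+) iface=(?P<iface>\S+)$"
)

def parse_line(line):
    # Return the fields of one log line as a dict, or None if it does not match.
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["dport"] = int(fields["dport"])
    return fields

def is_allowed_source(src):
    # True if the source lies inside an allowlisted management network.
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in MANAGEMENT_ALLOWLIST)

def find_untrusted_webui_access(log_text):
    # Flag connections to the router's WebUI ports from non-allowlisted sources.
    # Connections to other hosts or ports (e.g. LAN clients browsing the
    # internet over HTTPS, or SSH to the router) are deliberately not reported.
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dst"] not in ROUTER_ADDRESSES:
            continue
        if rec["dport"] in WEBUI_PORTS and not is_allowed_source(rec["src"]):
            findings.append((rec["ts"], rec["src"], rec["iface"], rec["dport"]))
    return findings
```

Each finding is a (timestamp, source, interface, port) tuple; a WAN-side hit indicates the remote WebUI is still reachable and should be disabled or ACL-restricted, while a LAN-side hit from outside the management VLAN points to a missing VLAN or ACL boundary.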
