CVE-2025-10547_CVE-2025-10547

8.8 / 10

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.

Basic Information

ID CVE-2025-10547

Source certcc

Published Oct 3, 2025 at 11:35

Modified Oct 3, 2025 at 14:34

Affected Product

Vendor DrayTek Corporation

Product Vigor1000B

Version 4.4.5.1

Affected Versions DrayTek Corporation Vigor1000B 4.4.5.1
DrayTek Corporation Vigor2962 4.4.5.1
DrayTek Corporation Vigor3910 4.4.3.6
DrayTek Corporation Vigor3912 4.4.5.1
DrayTek Corporation Vigor2135 4.5.1
DrayTek Corporation Vigor2763 4.5.1
DrayTek Corporation Vigor2765 4.5.1
DrayTek Corporation Vigor2766 4.5.1
DrayTek Corporation Vigor2865 4.5.1
DrayTek Corporation Vigor2865 LTE Series 4.5.1
DrayTek Corporation Vigor2865L-5G Series 4.5.1
DrayTek Corporation Vigor2866 4.5.1
DrayTek Corporation Vigor2866 LTE 4.5.1
DrayTek Corporation Vigor2927 4.5.1
DrayTek Corporation Vigor 2927 LTE 4.5.1
DrayTek Corporation Vigor2927L-5G 4.5.1
DrayTek Corporation Vigor2915 4.4.6.1
DrayTek Corporation Vigor2862 3.9.9.12
DrayTek Corporation Vigor2862 LTE 3.9.9.12
DrayTek Corporation Vigor2926 3.9.9.12

References

www.draytek.com /about/security-advisory/use-of-uninitialized-variable-vulnerabilities/

{
    "lastseen": "",
    "description": "An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.",
    "published": "2025-10-03T11:35:43.752Z",
    "modified": "2025-10-03T14:34:32.239Z",
    "type": "cve",
    "title": "CVE-2025-10547",
    "source": "certcc",
    "references": "https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities/",
    "id": "CVE-2025-10547",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "DrayTek Corporation Vigor1000B 4.4.5.1\nDrayTek Corporation Vigor2962 4.4.5.1\nDrayTek Corporation Vigor3910 4.4.3.6\nDrayTek Corporation Vigor3912 4.4.5.1\nDrayTek Corporation Vigor2135 4.5.1\nDrayTek Corporation Vigor2763 4.5.1\nDrayTek Corporation Vigor2765 4.5.1\nDrayTek Corporation Vigor2766 4.5.1\nDrayTek Corporation Vigor2865 4.5.1\nDrayTek Corporation Vigor2865 LTE Series 4.5.1\nDrayTek Corporation Vigor2865L-5G Series 4.5.1\nDrayTek Corporation Vigor2866 4.5.1\nDrayTek Corporation Vigor2866 LTE 4.5.1\nDrayTek Corporation Vigor2927 4.5.1\nDrayTek Corporation Vigor 2927 LTE 4.5.1\nDrayTek Corporation Vigor2927L-5G 4.5.1\nDrayTek Corporation Vigor2915 4.4.6.1\nDrayTek Corporation Vigor2862 3.9.9.12\nDrayTek Corporation Vigor2862 LTE 3.9.9.12\nDrayTek Corporation Vigor2926 3.9.9.12",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Vigor1000B",
    "version": "4.4.5.1",
    "vendor": "DrayTek Corporation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply