{“lastseen”:””,”description”:”An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.”,”published”:”2025-10-03T11:35:43.752Z”,”modified”:”2025-10-03T14:34:32.239Z”,”type”:”cve”,”title”:”CVE-2025-10547″,”source”:”certcc”,”references”:”https:\/\/www.draytek.com\/about\/security-advisory\/use-of-uninitialized-variable-vulnerabilities\/”,”id”:”CVE-2025-10547″,”bulletinFamily”:””,”cwe”:null,”cvelist”:null,”sourceData”:”DrayTek Corporation Vigor1000B 4.4.5.1\\nDrayTek Corporation Vigor2962 4.4.5.1\\nDrayTek Corporation Vigor3910 4.4.3.6\\nDrayTek Corporation Vigor3912 4.4.5.1\\nDrayTek Corporation Vigor2135 4.5.1\\nDrayTek Corporation Vigor2763 4.5.1\\nDrayTek Corporation Vigor2765 4.5.1\\nDrayTek Corporation Vigor2766 4.5.1\\nDrayTek Corporation Vigor2865 4.5.1\\nDrayTek Corporation Vigor2865 LTE Series 4.5.1\\nDrayTek Corporation Vigor2865L-5G Series 4.5.1\\nDrayTek Corporation Vigor2866 4.5.1\\nDrayTek Corporation Vigor2866 LTE 4.5.1\\nDrayTek Corporation Vigor2927 4.5.1\\nDrayTek Corporation Vigor 2927 LTE 4.5.1\\nDrayTek Corporation Vigor2927L-5G 4.5.1\\nDrayTek Corporation Vigor2915 4.4.6.1\\nDrayTek Corporation Vigor2862 3.9.9.12\\nDrayTek Corporation Vigor2862 LTE 3.9.9.12\\nDrayTek Corporation Vigor2926 3.9.9.12″,”sourceHref”:””,”cvss”:{“score”:8.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Vigor1000B”,”version”:”4.4.5.1″,”vendor”:”DrayTek Corporation”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,41,12,15,13,7,11,5],"class_list":["post-20095","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-88","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n