Critical RCE Vulnerability in DrayTek Routers Now Patched


DrayTek Addresses Serious Vulnerability with Firmware Updates

On Thursday, DrayTek announced security updates to address a significant vulnerability in its DrayOS routers. The flaw, tracked as CVE-2025-10547, could allow unauthenticated remote code execution (RCE) through specially crafted HTTP or HTTPS requests sent to the device's web user interface.

Understanding the Vulnerability

According to DrayTek's advisory, successful exploitation causes memory corruption, which may result in a system crash. More troubling is the possibility that an attacker could leverage the same corruption to execute arbitrary code remotely, giving an intruder a pathway to manipulate network settings or conduct further malicious activity.

Mitigation Steps for Users

DrayTek has emphasized that routers can be protected from attacks originating on the wide-area network (WAN) by disabling remote access to the web interface and SSL VPN services. Correctly configured Access Control Lists (ACLs) add a further layer of defense. It is important to note, however, that an attacker already inside the local network could still exploit the vulnerability via the web interface. On certain models, users can restrict local access to the WebUI with LAN-side VLANs and ACLs.
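One way to verify that the "restrict the WebUI to a management network" advice above is actually holding is to audit who is reaching the management interface. The script below is an added example, not DrayTek code: it evaluates a constructed, generic "source method path status" access log against a hypothetical management ACL and flags every management-UI request that came from the WAN or from a LAN subnet outside the ACL. The log format, the `/admin/` path prefix and the ACL networks are placeholders chosen for the example.

```python
"""Audit management-interface requests against a LAN-side management ACL.

Added example (not DrayTek's own code): the log format, the /admin/ path
prefix and the ACL networks below are constructed placeholders.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample log, one request per line: "<src_ip> <method> <path> <status>".
# The paths are placeholders, not real router URLs.
SAMPLE_LOG = """\
192.168.1.23 GET /admin/login 200
203.0.113.77 POST /admin/login 200
10.10.5.4 GET /admin/status 200
198.51.100.9 POST /admin/login 403
192.168.1.50 GET /admin/login 200
172.16.9.2 GET /admin/config 200
bad line that does not parse
"""

# Hypothetical management ACL: only these networks may reach the web UI.
MANAGEMENT_ACL = [ipaddress.ip_network("192.168.1.0/24"),
                  ipaddress.ip_network("10.10.0.0/16")]

# RFC 1918 ranges, used to tell "LAN host outside the ACL" from "WAN host".
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LINE_RE = re.compile(r"^(\S+) (GET|POST|PUT|DELETE) (\S+) (\d{3})$")


def parse_line(line):
    """Return (src_ip, method, path, status) or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m.group(1))
    except ValueError:
        return None
    return src, m.group(2), m.group(3), int(m.group(4))


def classify_source(src, acl):
    """'allowed' if src is inside the ACL, else 'lan_outside_acl' or 'wan'."""
    if any(src in net for net in acl):
        return "allowed"
    if any(src in net for net in LAN_NETS):
        return "lan_outside_acl"   # reachable from LAN, but not a permitted admin subnet
    return "wan"                    # should never reach the web UI once remote access is off


def audit(log_text, acl=MANAGEMENT_ACL, admin_prefix="/admin/"):
    """Return a finding for every management-UI request not covered by the ACL.

    Rejected attempts (e.g. status 403) are still reported: a WAN host that can
    reach the login page at all means remote management is still exposed.
    """
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, method, path, status = parsed
        if not path.startswith(admin_prefix):
            continue
        verdict = classify_source(src, acl)
        if verdict != "allowed":
            findings.append({"line": lineno, "src": str(src), "method": method,
                             "path": path, "status": status, "verdict": verdict})
    return findings


def summarize(findings):
    """Count non-allowed management requests by verdict."""
    return dict(Counter(f["verdict"] for f in findings))


if __name__ == "__main__":
    found = audit(SAMPLE_LOG)
    for f in found:
        print(f"line {f['line']}: {f['src']} {f['method']} {f['path']} -> {f['verdict']}")
    print(summarize(found))
```

Any `wan` finding means the WebUI is still reachable from outside and the remote-management setting or WAN ACL needs revisiting; `lan_outside_acl` findings show internal hosts that the VLAN/ACL split has not yet fenced off from the management interface.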

Acknowledgment of Security Research

The vulnerability was reported by Pierre-Yves Maes from ChapsVision on July 22. DrayTek responded by releasing firmware updates that fix the issue across 35 different Vigor router models, and has strongly advised all users to update their devices immediately.

Despite the urgency of the updates, there have been no reports that the flaw has been exploited in the wild. Nonetheless, given DrayTek's popularity among prosumers and small to medium-sized businesses (SMBs), the potential for exploitation is a real concern. DrayTek routers have been targeted before, particularly by ransomware groups that compromised multiple organizations through an earlier, undisclosed vulnerability.

Past Security Issues

Earlier this year, reports emerged of unexpected reboots of Vigor routers in various regions, including the UK and Australia. The disruptions were attributed to potentially malicious TCP connection attempts aimed at older router models. Such incidents underline the need for constant vigilance and timely security updates in the face of evolving threats.

The Importance of Regular Updates

As cyber threats grow in sophistication, organizations and individual users alike need to remain proactive about their security posture. Regular firmware updates not only close known vulnerabilities but also strengthen overall network security, reducing the likelihood of a breach.

DrayTek's quick release of these firmware updates is a reminder that businesses and home users must keep their equipment maintained. Outdated devices become entry points for attackers, which makes consistent updating an essential part of safeguarding sensitive information and maintaining network integrity.

Conclusion

The discovery of vulnerabilities in widely used devices such as DrayTek routers is a reminder for users to prioritize their security. By staying informed and promptly applying the necessary updates, individuals and organizations can protect their networks from potential attacks.
