← volver
CVE-2025-10547

CVE-2025-10547

CVSS 9.8 CRITICALEPSS 0.6%
An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
DrayTek Corporation · Vigor1000BDrayTek Corporation · Vigor2135DrayTek Corporation · Vigor2763DrayTek Corporation · Vigor2765DrayTek Corporation · Vigor2766DrayTek Corporation · Vigor2862DrayTek Corporation · Vigor2862 LTEDrayTek Corporation · Vigor2865DrayTek Corporation · Vigor2865L-5G SeriesDrayTek Corporation · Vigor2865 LTE SeriesDrayTek Corporation · Vigor2866DrayTek Corporation · Vigor2866 LTEDrayTek Corporation · Vigor2915DrayTek Corporation · Vigor2926DrayTek Corporation · Vigor2927DrayTek Corporation · Vigor2927L-5GDrayTek Corporation · Vigor 2927 LTEDrayTek Corporation · Vigor2962DrayTek Corporation · Vigor3910DrayTek Corporation · Vigor3912

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities/https://www.kb.cert.org/vuls/id/294418