VU#294418: Vigor routers running DrayOS are vulnerable to RCE via EasyVPN and LAN web administration interface
A critical remote code execution vulnerability, CVE-2025-10547, has been identified in Draytek's Vigor routers. This flaw exists within the script of the LAN web administration interface. An uninitialized variable in this script allows attackers to send crafted HTTP requests. These requests can cause memory corruption on the router. Potentially, this memory corruption can lead to arbitrary code execution. If EasyVPN is enabled, the vulnerability is exploitable remotely through the VPN interface. An attacker can gain full control of the affected router. This could allow for the installation of backdoors, reconfiguration of network settings, or traffic blocking. Additionally, attackers might pivot for lateral movement within the network. Draytek has released patches to fix this vulnerability. Users are strongly advised to upgrade their Vigor routers to the latest firmware version as soon as possible.