DrayTek has released firmware updates to fix a critical remote code execution vulnerability in DrayOS routers, tracked as CVE-2025-10547. Although no active exploitation has been reported, the flaw could allow attackers to execute arbitrary code remotely through crafted web requests, posing a threat to SMBs and prosumer users. #DrayOS #CVE-2025-10547
Keypoints
- DrayTek announced patches for an unauthenticated RCE vulnerability in DrayOS routers.
- The vulnerability is exploited via manipulated HTTP or HTTPS requests to the WebUI.
- Successful exploitation may cause system crashes and remote code execution.
- Routers are more secure if remote access and SSL VPN are disabled or ACLs are configured.
- Hundreds of organizations have previously been targeted by hackers exploiting similar router flaws.
Read More: https://www.securityweek.com/unauthenticated-rce-flaw-patched-in-draytek-routers/