DrayTek has released a patch for a serious flaw in its Vigor routers. The vulnerability, tracked as CVE-2025-10547, allows attackers to run code without logging in. The issue appears when specially crafted HTTP or HTTPS requests are sent to the router’s web interface. If exploited, it can cause memory corruption, device crashes, or in some cases, full remote code execution.
The company explained that routers are safer from internet-based attacks when remote web access and SSL VPN services are disabled. Using strong access control lists also helps. However, attackers inside the local network can still abuse the bug if the web interface is exposed. DrayTek credited security researcher Pierre-Yves Maes from ChapsVision for reporting the flaw in July. Firmware updates for 35 Vigor models were released on October 2, and the company urged users to update right away.
While DrayTek has not confirmed active attacks, history shows these routers are a common target. Last year, ransomware groups broke into hundreds of organizations through an unknown DrayTek flaw. Because of this track record, security experts warn that waiting to patch could be risky.
The bug is caused by how the router handles memory. Attackers can trick the device into freeing memory incorrectly, a technique known as “arbitrary free.” That mistake can crash the router. In skilled hands, it can also open the door to run malicious code. Since routers act as the main gate for network traffic, a takeover could give attackers full access to the network behind it.
The best defense is to update firmware as soon as possible. While preparing for updates, administrators should block remote access to the web interface, enforce strict access rules, and use VLANs to separate router management from general traffic. These steps limit risk but do not remove the flaw. Updating is the only full fix.
Small businesses and advanced home users rely heavily on Vigor routers, which is why this issue matters. Many of these networks lack dedicated IT teams, making them easier targets. If a router is compromised, attackers could spread ransomware or steal sensitive data. Even someone with access to the local Wi-Fi could trigger the bug if protections are weak.
CVE-2025-10547 should be treated as a top priority. Firmware updates are already available, and applying them now will protect networks from a possible large-scale attack. Those who delay risk leaving their systems open to a proven attack path.
