What's Happening?
DrayTek has announced the release of patches for a critical unauthenticated remote code execution (RCE) vulnerability affecting its DrayOS routers. The flaw, identified as CVE-2025-10547, can be exploited through crafted HTTP or HTTPS requests targeting the web user interface (WebUI) of vulnerable devices. Successful exploitation could cause memory corruption and system crashes, and could potentially allow attackers to execute arbitrary code remotely. The vulnerability was reported by ChapsVision security researcher Pierre-Yves Maes. DrayTek has urged users to update their devices with the new firmware to mitigate the risk. The company noted that routers are protected from WAN-based attacks if remote access to the WebUI and SSL VPN services is disabled or if Access Control Lists (ACLs) are properly configured. However, the vulnerability could still be exploited from the local network if access there is not adequately controlled.
Why Is It Important?
Patching this vulnerability is crucial because DrayTek routers are widely used by prosumers and small to medium-sized businesses (SMBs), making them attractive targets for cybercriminals. Remote code execution could have severe consequences, including unauthorized access to sensitive data and disruption of network services. This development underscores the ongoing cybersecurity challenges faced by organizations and the importance of timely updates and robust security configurations. The incident also highlights the need for continuous vigilance and proactive measures in cybersecurity to protect against evolving threats.
What's Next?
Users of DrayTek routers are advised to promptly apply the firmware updates to secure their devices. Organizations should review their network security policies and ensure that remote access settings are appropriately configured to prevent unauthorized access. The cybersecurity community will likely continue to monitor for any signs of exploitation in the wild and may issue further advisories if necessary. This incident may also prompt other manufacturers to reassess their security measures and update their products to prevent similar vulnerabilities.