DrayTek Router Flaw Allows Remote Takeover (CVE-2025-10547)

A critical remote code execution vulnerability, tracked as CVE-2025-10547, affects numerous DrayTek Vigor router models popular with small and medium-sized businesses. The flaw allows an unauthenticated attacker to gain complete control of a device by sending specially crafted HTTP requests to its web administration interface. This vulnerability is especially dangerous if remote management or EasyVPN features are enabled, as it can be exploited over the internet without credentials. A successful attack could allow threat actors to install backdoors, reconfigure network settings, or pivot to other devices on the internal network. The device manufacturer has released security patches and is urging all users to update their firmware immediately to mitigate the threat.

Latest mentioned: 10-06

Earliest mentioned: 10-02

Sources

bleepingcomputer.com securityonline.info

Also Read

Beast Ransomware Emerges as Major Cyber Threat

Beast ransomware, a sophisticated Ransomware-as-a-Service (RaaS) operation, has emerged as a significant cybersecurity threat. It employs aggressive network propagation tactics using SMB port scanning to infiltrate and encrypt systems across enterprise environments. The ransomware has targeted organizations worldwide since July 2025, affecting diverse sectors including manufacturing, healthcare, and education. It uses phishing campaigns and the Vidar Infostealer to gain initial access. The malware includes geofencing logic to exclude certain regions, suggesting connections to specific geographical areas. It utilizes the ChaCha20 algorithm for encryption and includes a hidden GUI for manual control. Organizations must prioritize preventive measures and early detection capabilities to defend against this threat.

10-29Read more →