On July 22, a security vulnerability was identified in DrayOS routers. The vulnerability can be triggered when unauthenticated remote attackers send crafted HTTP or HTTPS requests to the device's Web User Interface (WebUI). Successful exploitation may cause memory corruption and a system crash and, in certain circumstances, could allow remote code execution.
Routers are shielded from WAN-based attacks if remote access to the WebUI and SSL VPN services is disabled, or if Access Control Lists (ACLs) are properly configured. Nevertheless, an attacker with access to the local network could still exploit the vulnerability via the WebUI. Local access to the WebUI can be controlled on some models using LAN-side VLANs and ACLs. To ensure full protection, we strongly recommend upgrading the firmware to the minimum version specified below.
| CVE Number | Description | CVSS |
|---|---|---|
| CVE-2025-10547 | An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption. | 8.8 |
Security updates have been released for the following models. No other models are affected. Please download and install the firmware for your model as soon as possible to ensure the security of your system.
| Model | Firmware Version |
|---|---|
| Vigor1000B | 4.4.3.6 or later |
| Vigor2962 | 4.4.3.6 or later, 4.4.5.1 or later |
| Vigor3910 | 4.4.3.6 or later, 4.4.5.1 or later |
| Vigor3912 | 4.4.3.6 or later, 4.4.5.1 or later |
| Vigor2135 | 4.5.1 or later |
| Vigor2763 | 4.5.1 or later |
| Vigor2765 | 4.5.1 or later |
| Vigor2766 | 4.5.1 or later |
| Vigor2865 Series | 4.5.1 or later |
| Vigor2865 LTE Series | 4.5.1 or later |
| Vigor2865L-5G Series | 4.5.1 or later |
| Vigor2866 Series | 4.5.1 or later |
| Vigor2866 LTE Series | 4.5.1 or later |
| Vigor2927 Series | 4.5.1 or later |
| Vigor2927 LTE Series | 4.5.1 or later |
| Vigor2927L-5G Series | 4.5.1 or later |
| Vigor2915 Series | 4.4.6.1 or later |
| Vigor2862 Series | 3.9.9.12 or later |
| Vigor2862 LTE Series | 3.9.9.12 or later |
| Vigor2926 Series | 3.9.9.12 or later |
| Vigor2926 LTE Series | 3.9.9.12 or later |
| Vigor2952 | 3.9.8.8 or later |
| Vigor2952P | 3.9.8.8 or later |
| Vigor3220 | 3.9.8.8 or later |
| Vigor2860 Series | 3.9.8.6 or later |
| Vigor2860 LTE Series | 3.9.8.6 or later |
| Vigor2925 Series | 3.9.8.6 or later |
| Vigor2925 LTE Series | 3.9.8.6 or later |
| Vigor2133 Series | 3.9.9.4 or later |
| Vigor2762 Series | 3.9.9.4 or later |
| Vigor2832 Series | 3.9.9.4 or later |
| Vigor2620 Series | 3.9.9.5 or later |
| VigorLTE 200n | 3.9.9.5 or later |
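
To check a device inventory against the table above, the following added example (not DrayTek code) compares installed firmware with the listed minimums. The names `FIXED`, `parse`, `status`, `audit` and `INVENTORY` are hypothetical, only a few table rows are included, and it assumes that where two versions are listed they are separate release branches.

```python
import re

# Minimum fixed firmware for a few models, copied from the table above.
# Add the remaining rows before running this against a real inventory.
FIXED = {
    "Vigor1000B": ["4.4.3.6"],
    "Vigor2962": ["4.4.3.6", "4.4.5.1"],
    "Vigor3910": ["4.4.3.6", "4.4.5.1"],
    "Vigor2135": ["4.5.1"],
    "Vigor2862 Series": ["3.9.9.12"],
}

def parse(version):
    """'4.4.3.6' -> (4, 4, 3, 6); trailing non-numeric text is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unparseable firmware version: {version!r}")
    return tuple(int(p) for p in m.group().split("."))

def status(model, installed):
    """Return 'fixed', 'upgrade' or 'not-listed' (absent from FIXED)."""
    if model not in FIXED:
        return "not-listed"
    have = parse(installed)
    minimums = [parse(v) for v in FIXED[model]]
    # At or above the highest listed version: fixed whatever the branch.
    if have >= max(minimums):
        return "fixed"
    # Assumption: a lower listed version only covers builds on that same
    # branch (same leading components), so 4.4.5.0 is not covered by 4.4.3.6.
    for low in minimums:
        if have[:len(low) - 1] == low[:-1] and have >= low:
            return "fixed"
    return "upgrade"

# Constructed sample inventory (model, installed firmware); not real devices.
INVENTORY = [
    ("Vigor2962", "4.4.3.7"),
    ("Vigor2962", "4.4.5.0"),
    ("Vigor2135", "4.5.0"),
    ("Vigor2862 Series", "3.9.9.12"),
]

def audit(inventory):
    return [(model, fw, status(model, fw)) for model, fw in inventory]

if __name__ == "__main__":
    for model, fw, result in audit(INVENTORY):
        print(f"{model:18} {fw:10} {result}")
```
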
We extend our sincere appreciation to Pierre-Yves MAES from ChapsVision for his responsible disclosure and timely reporting of this vulnerability, which has contributed to strengthening our security measures.
If you have any security-related queries, please reach out to us via the contact form to connect with our technical team.