DrayTek Weekly Update 7 October 2025

Security Advisory

Use of Uninitialized Variable Vulnerabilities (CVE-2025-10547)

Release Date: 2025-10-02

On July 22, a security vulnerability was identified in DrayOS routers. The vulnerability can be triggered when unauthenticated remote attackers send crafted HTTP or HTTPS requests to the device's Web User Interface (WebUI). Successful exploitation may cause memory corruption and a system crash, with the potential, in certain circumstances, to allow remote code execution.

 

Routers are protected from WAN-based attacks if remote access to the WebUI and SSL VPN services is disabled, or if Access Control Lists (ACLs) are correctly configured. However, an attacker with access to the local network could still exploit the vulnerability via the WebUI. Local access to the WebUI can be managed on some models using LAN-side VLANs and ACLs. To achieve complete protection, it is strongly recommended to upgrade the firmware for affected router models.

Current router models with updated firmware versions are:

Model               Firmware Version
Vigor2962           4.4.3.6 or later / 4.4.5.1 or later
Vigor3910           4.4.3.6 or later / 4.4.5.1 or later
Vigor3912           4.4.3.6 or later / 4.4.5.1 or later
Vigor2135           4.5.1 or later
Vigor2765           4.5.1 or later
Vigor2865 Series    4.5.1 or later
Vigor2927 Series    4.5.1 or later

For a complete list of routers, refer to the list provided in the security advisory available at:


The latest firmware can be downloaded from https://www.draytek.com.au/support/downloads/
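To triage a fleet against the table above, the following added example (not DrayTek code) classifies each device in an inventory by model and reported firmware version. It assumes that series models are matched by name prefix, that version strings start with dotted digits and may carry a suffix such as `_STD`, and that the two versions listed for the Vigor2962/3910/3912 are separate release lines; the status names and the sample inventory are constructed for illustration.

```python
import re

# Fixed firmware versions per model, copied from the advisory table above.
# Two entries = two versions listed for that model.
FIXED = {
    "Vigor2962": ("4.4.3.6", "4.4.5.1"),
    "Vigor3910": ("4.4.3.6", "4.4.5.1"),
    "Vigor3912": ("4.4.3.6", "4.4.5.1"),
    "Vigor2135": ("4.5.1",),
    "Vigor2765": ("4.5.1",),
    "Vigor2865": ("4.5.1",),  # "Series": matched by prefix, e.g. Vigor2865ac
    "Vigor2927": ("4.5.1",),
}

def parse(version):
    """Leading dotted digits as a 4-tuple; a suffix such as _STD is ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unparseable firmware version: {version!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (4 - len(parts))

def check(model, version):
    """Return PATCHED, UPGRADE, VERIFY or UNLISTED for one device."""
    family = next((f for f in FIXED if model.lower().startswith(f.lower())), None)
    if family is None:
        return "UNLISTED"          # not in this table; see the full advisory
    v = parse(version)
    fixed = sorted(parse(f) for f in FIXED[family])
    if v >= fixed[-1]:
        return "PATCHED"
    if v < fixed[0]:
        return "UPGRADE"
    # Between the two listed versions: same release line as the lower one
    # (first three components) is treated as patched; anything else is unclear.
    return "PATCHED" if v[:3] == fixed[0][:3] else "VERIFY"

def audit(inventory):
    """Map (name, model, version) rows to (name, status) pairs."""
    return [(name, check(model, ver)) for name, model, ver in inventory]

if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = [("hq-gw", "Vigor3910", "4.4.3.5"),
              ("branch-1", "Vigor2865ac", "4.5.1_STD"),
              ("dc-edge", "Vigor2962", "4.4.4.0")]
    for name, status in audit(sample):
        print(f"{name}: {status}")
```

Devices reported as UNLISTED or VERIFY are not covered by this table and need checking against the complete list in the security advisory.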

 

 

Latest Video



This video provides a brief overview of the upcoming DrayTek training workshop, scheduled to take place in Brisbane on November 4, 2025. DrayTek resellers, system integrators, and network administrators are invited to register for this valuable workshop.

More details on the workshop, including registration, are available at:

 

 

DrayTek HQ frequently sends notifications about system updates, outages, security alerts, and firmware releases.

 

 
