CVE-2025-10547
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-03
Last updated on: 2025-11-04
Assigner: CERT/CC
Description
Description
An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| draytek | vigor_router | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is caused by an uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS. It may allow an attacker to execute remote code on the router by exploiting memory corruption.
How can this vulnerability impact me? :
An attacker could exploit this vulnerability to perform remote code execution on the affected router, potentially gaining control over the device and compromising the network it is connected to.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70