Home
Description
An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.
PUBLISHED Reserved 2025-09-16 | Published 2025-10-03 | Updated 2025-10-09 | Assigner certcc
Problem types
CWE-456
Product status
4.4.5.1
affected
4.4.5.1
affected
4.4.3.6
affected
4.4.5.1
affected
4.5.1
affected
4.5.1
affected
4.5.1
affected
4.5.1
affected
4.5.1
affected
4.5.1
affected
4.5.1
affected
4.5.1
affected
4.5.1
affected
4.5.1
affected
4.5.1
affected
4.5.1
affected
4.4.6.1
affected
3.9.9.12
affected
3.9.9.12
affected
3.9.9.12
affected
References
www.draytek.com/...f-uninitialized-variable-vulnerabilities/
cve.org
(CVE-2025-10547)
nvd.nist.gov
(CVE-2025-10547)
Download JSON
