CVE-2025-10547

Description

An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.

PUBLISHED Reserved 2025-09-16 | Published 2025-10-03 | Updated 2025-11-04 | Assigner certcc

Problem types

CWE-456: Missing Initialization of a Variable

Product status

References

www.kb.cert.org/vuls/id/294418

www.draytek.com/...f-uninitialized-variable-vulnerabilities/

cve.org (CVE-2025-10547)

nvd.nist.gov (CVE-2025-10547)

Download JSON