Unauthenticated RCE Flaw Patched in DrayTek Routers
securityweek
The security defect can be exploited remotely via crafted HTTP/S requests to a vulnerable device's web user interface.


DrayTek on Thursday announced patches for an unauthenticated remote code execution (RCE) vulnerability affecting DrayOS routers.
Tracked as CVE-2025-10547, the issue can be exploited via crafted HTTP or HTTPS requests sent to a vulnerable device’s web user interface.
According to DrayTek's advisory, successful exploitation causes memory corruption that can crash the device and, in certain circumstances, can be leveraged to execute arbitrary code remotely.
“Routers are shielded from WAN-based attacks if remote access to the WebUI and SSL VPN services is disabled, or if Access Control Lists (ACLs) are properly configured,” DrayTek notes.
“Nevertheless, an attacker with access to the local network could still exploit the vulnerability via the WebUI. Local access to the WebUI can be controlled on some models using ...
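The mitigation DrayTek describes above (remote WebUI and SSL VPN access disabled, or restricted by ACL) is only effective if the management listeners are in fact unreachable from the WAN side. The following is an added example written for this page, not DrayTek's or SecurityWeek's code: an exposure check that, run from a host outside the LAN, reports whether a TCP service answers on the management ports and whether it speaks HTTP. It does not test for CVE-2025-10547 itself. The port numbers are assumptions (DrayOS defaults of HTTP on 80 and HTTPS/SSL VPN on 443) and the `check_exposure`, `exposed_services` and `demo_with_local_listener` names are the example's own; the local listener in the demo is a constructed stand-in for a router WebUI that answers with a login challenge.

```python
"""Exposure check for router management listeners (added example, not vendor code).

Run check_exposure(<router WAN IP>) from outside the LAN. Any port that returns
an HTTP status line is a WebUI/SSL VPN endpoint still reachable from the WAN,
which is the condition DrayTek's mitigation is meant to remove.
"""
import socket
import ssl
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, Optional

# Assumed DrayOS defaults; adjust to the device's configured management ports.
DEFAULT_PORTS: Dict[int, str] = {80: "http", 443: "https"}


def tcp_open(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def http_status_line(host: str, port: int, use_tls: bool, timeout: float = 3.0) -> Optional[str]:
    """Send a minimal HEAD request and return the HTTP status line, or None."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
        if use_tls:
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE  # router WebUIs commonly use self-signed certs
            sock = ctx.wrap_socket(sock, server_hostname=host)
        with sock:
            sock.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii"))
            data = sock.recv(512)
        line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        return line if line.startswith("HTTP/") else None
    except (OSError, ValueError):
        return None


def check_exposure(host: str, ports: Optional[Dict[int, str]] = None, timeout: float = 3.0) -> dict:
    """Return {port: {"open": bool, "http": status line or None}} for each port."""
    ports = ports or DEFAULT_PORTS
    report = {}
    for port, scheme in ports.items():
        is_open = tcp_open(host, port, timeout)
        status = http_status_line(host, port, scheme == "https", timeout) if is_open else None
        report[port] = {"open": is_open, "http": status}
    return report


def exposed_services(report: dict) -> list:
    """Ports where a web service answered; from the WAN side this list should be empty."""
    return sorted(p for p, r in report.items() if r["http"])


class _FakeWebUI(BaseHTTPRequestHandler):
    """Constructed stand-in for a management UI that challenges for credentials."""

    def do_HEAD(self):
        self.send_response(401)
        self.send_header("WWW-Authenticate", 'Basic realm="router"')
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def demo_with_local_listener():
    """Scan one listening port and one closed port on loopback; returns (report, open_port)."""
    server = HTTPServer(("127.0.0.1", 0), _FakeWebUI)
    open_port = server.server_address[1]
    # Reserve-then-release a second ephemeral port so it is (almost certainly) closed.
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    thread = threading.Thread(target=server.serve_forever, daemon=True)
    thread.start()
    try:
        report = check_exposure("127.0.0.1", {open_port: "http", closed_port: "http"}, timeout=2.0)
    finally:
        server.shutdown()
        server.server_close()
    return report, open_port


if __name__ == "__main__":
    rep, p = demo_with_local_listener()
    print(rep)
    print("exposed:", exposed_services(rep))
```

Against a real device, pass the WAN address and, if the WebUI or SSL VPN has been moved off the defaults, the configured ports; an empty result from `exposed_services` is the expected state after the vendor's mitigation, while any listed port means the WAN-facing ACL or remote-access setting still needs attention.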
Copyright of this story solely belongs to securityweek.