Vulnerability-Lookup

CVE-2025-10547 (GCVE-0-2025-10547)

Vulnerability from cvelistv5 – Published: 2025-10-03 11:35 – Updated: 2025-11-04 22:06

Title

CVE-2025-10547

Summary

An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-456 - Missing Initialization of a Variable

Assigner

certcc

References

2 references

URL	Tags
https://www.draytek.com/about/security-advisory/u…
https://www.kb.cert.org/vuls/id/294418

Impacted products

20 products

Vendor	Product	Version
DrayTek Corporation	Vigor1000B	Affected: 0 , < 4.4.5.1 (custom)
DrayTek Corporation	Vigor2962	Affected: 0 , < 4.4.5.1 (custom)
DrayTek Corporation	Vigor3910	Affected: 0 , < 4.4.3.6 (custom)
DrayTek Corporation	Vigor3912	Affected: 0 , < 4.4.5.1 (custom)
DrayTek Corporation	Vigor2135	Affected: 0 , < 4.5.1 (custom)
DrayTek Corporation	Vigor2763	Affected: 0 , < 4.5.1 (custom)
DrayTek Corporation	Vigor2765	Affected: 0 , < 4.5.1 (custom)
DrayTek Corporation	Vigor2766	Affected: 0 , < 4.5.1 (custom)
DrayTek Corporation	Vigor2865	Affected: 0 , < 4.5.1 (custom)
DrayTek Corporation	Vigor2865 LTE Series	Affected: 0 , < 4.5.1 (custom)
DrayTek Corporation	Vigor2865L-5G Series	Affected: 0 , < 4.5.1 (custom)
DrayTek Corporation	Vigor2866	Affected: 1.0 , < 4.5.1 (custom)
DrayTek Corporation	Vigor2866 LTE	Affected: 0 , < 4.5.1 (custom)
DrayTek Corporation	Vigor2927	Affected: 0 , < 4.5.1 (custom)
DrayTek Corporation	Vigor 2927 LTE	Affected: 0 , < 4.5.1 (custom)
DrayTek Corporation	Vigor2927L-5G	Affected: 0 , < 4.5.1 (custom)
DrayTek Corporation	Vigor2915	Affected: 0 , < 4.4.6.1 (custom)
DrayTek Corporation	Vigor2862	Affected: 0 , < 3.9.9.12 (custom)
DrayTek Corporation	Vigor2862 LTE	Affected: 0 , < 3.9.9.12 (custom)
DrayTek Corporation	Vigor2926	Affected: 0 , < 3.9.9.12 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-10547",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-03T14:33:21.692268Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-16T18:32:38.126Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T22:06:30.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.kb.cert.org/vuls/id/294418"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Vigor1000B",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "4.4.5.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vigor2962",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "4.4.5.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vigor3910",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "4.4.3.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vigor3912",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "4.4.5.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vigor2135",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "4.5.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vigor2763",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "4.5.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vigor2765",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "4.5.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vigor2766",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "4.5.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vigor2865",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "4.5.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vigor2865 LTE Series",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "4.5.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vigor2865L-5G Series",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "4.5.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vigor2866",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "4.5.1",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vigor2866 LTE",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "4.5.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vigor2927",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "4.5.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vigor 2927 LTE",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "4.5.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vigor2927L-5G",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "4.5.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vigor2915",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "4.4.6.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vigor2862",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "3.9.9.12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vigor2862 LTE",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "3.9.9.12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vigor2926",
          "vendor": "DrayTek Corporation",
          "versions": [
            {
              "lessThan": "3.9.9.12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-456: Missing Initialization of a Variable",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-20T15:58:45.010Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CVE-2025-10547",
      "x_generator": {
        "engine": "VINCE 3.0.26",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2025-10547"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2025-10547",
    "datePublished": "2025-10-03T11:35:43.752Z",
    "dateReserved": "2025-09-16T11:35:24.694Z",
    "dateUpdated": "2025-11-04T22:06:30.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-10547",
      "date": "2026-06-05",
      "epss": "0.00066",
      "percentile": "0.20615"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-10547\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2025-10-03T12:15:42.993\",\"lastModified\":\"2025-11-04T22:16:05.300\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"references\":[{\"url\":\"https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://www.kb.cert.org/vuls/id/294418\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.kb.cert.org/vuls/id/294418\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T22:06:30.559Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-10547\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-03T14:33:21.692268Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-03T14:33:10.714Z\"}}], \"cna\": {\"title\": \"CVE-2025-10547\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"affected\": [{\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor1000B\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.4.5.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor2962\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.4.5.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor3910\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.4.3.6\", \"versionType\": \"custom\"}]}, {\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor3912\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.4.5.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor2135\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.5.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor2763\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.5.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor2765\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.5.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor2766\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.5.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor2865\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.5.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor2865 LTE Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.5.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor2865L-5G Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.5.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor2866\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"lessThan\": \"4.5.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor2866 LTE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.5.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor2927\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.5.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor 2927 LTE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.5.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor2927L-5G\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.5.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor2915\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.4.6.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor2862\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.9.9.12\", \"versionType\": \"custom\"}]}, {\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor2862 LTE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.9.9.12\", \"versionType\": \"custom\"}]}, {\"vendor\": \"DrayTek Corporation\", \"product\": \"Vigor2926\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.9.9.12\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities/\"}], \"x_generator\": {\"env\": \"prod\", \"engine\": \"VINCE 3.0.26\", \"origin\": \"https://cveawg.mitre.org/api/cve/CVE-2025-10547\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-456: Missing Initialization of a Variable\"}]}], \"providerMetadata\": {\"orgId\": \"37e5125f-f79b-445b-8fad-9564f167944b\", \"shortName\": \"certcc\", \"dateUpdated\": \"2025-10-20T15:58:45.010Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-10547\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T22:06:30.559Z\", \"dateReserved\": \"2025-09-16T11:35:24.694Z\", \"assignerOrgId\": \"37e5125f-f79b-445b-8fad-9564f167944b\", \"datePublished\": \"2025-10-03T11:35:43.752Z\", \"assignerShortName\": \"certcc\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

BDU:2025-13369

Vulnerability from fstec - Published: 02.10.2025

Title

Уязвимость компонента HTTP CGI Request Handler микропрограммного обеспечения маршрутизаторов DrayTek Vigor, позволяющая нарушителю вызывать отказ в обслуживании или выполнить произвольный код

Description

Уязвимость компонента HTTP CGI Request Handler микропрограммного обеспечения маршрутизаторов DrayTek Vigor связана с отсутствием инициализации переменных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызывать отказ в обслуживании или выполнить произвольный код

Severity


                    
                      AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

DrayTek

Software Name

Vigor 1000B, Vigor 2962, Vigor 3910, Vigor 3912, Vigor 2135, Vigor 2763, Vigor 2765, Vigor 2766, Vigor 2865 LTE, Vigor 2865L-5G, Vigor 2866, Vigor2866 LTE, Vigor 2927, Vigor2927 LTE, Vigor 2927L-5G, Vigor 2915, Vigor 2862, Vigor 2862 LTE, Vigor 2926, Vigor 2926 LTE, Vigor 2952, Vigor 2952P, Vigor 3220, Vigor 2860, Vigor 2860 LTE, Vigor 2925, Vigor 2925 LTE, Vigor 2133, Vigor 2762, Vigor 2832, Vigor 2620, Vigor LTE 200n

Software Version

до 4.4.3.6 (Vigor 1000B), до 4.4.3.6 (Vigor 2962), до 4.4.5.1 (Vigor 2962), до 4.4.3.6 (Vigor 3910), до 4.4.5.1 (Vigor 3910), до 4.4.3.6 (Vigor 3912), до 4.4.5.1 (Vigor 3912), до 4.5.1 (Vigor 2135), до 4.5.1 (Vigor 2763), до 4.5.1 (Vigor 2765), до 4.5.1 (Vigor 2766), до 4.5.1 (Vigor 2865 LTE), до 4.5.1 (Vigor 2865L-5G), до 4.5.1 (Vigor 2866), до 4.5.1 (Vigor2866 LTE), до 4.5.1 (Vigor 2927), до 4.5.1 (Vigor2927 LTE), до 4.5.1 (Vigor 2927L-5G), до 4.4.6.1 (Vigor 2915), до 3.9.9.12 (Vigor 2862), до 3.9.9.12 (Vigor 2862 LTE), до 3.9.9.12 (Vigor 2926), до 3.9.9.12 (Vigor 2926 LTE), до 3.9.8.8 (Vigor 2952), до 3.9.8.8 (Vigor 2952P), до 3.9.8.8 (Vigor 3220), до 3.9.8.6 (Vigor 2860), до 3.9.8.6 (Vigor 2860 LTE), до 3.9.8.6 (Vigor 2925), до 3.9.8.6 (Vigor 2925 LTE), до 3.9.9.4 (Vigor 2133), до 3.9.9.4 (Vigor 2762), до 3.9.9.4 (Vigor 2832), до 3.9.9.5 (Vigor 2620), до 3.9.9.5 (Vigor LTE 200n)

Possible Mitigations

Использование рекомендаций: https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities/

Reference

https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities/ https://xakep.ru/2025/10/03/cve-2025-10547/

CWE

CWE-456

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "DrayTek",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 4.4.3.6 (Vigor 1000B), \u0434\u043e 4.4.3.6 (Vigor 2962), \u0434\u043e 4.4.5.1 (Vigor 2962), \u0434\u043e 4.4.3.6 (Vigor 3910), \u0434\u043e 4.4.5.1 (Vigor 3910), \u0434\u043e 4.4.3.6 (Vigor 3912), \u0434\u043e 4.4.5.1 (Vigor 3912), \u0434\u043e 4.5.1 (Vigor 2135), \u0434\u043e 4.5.1 (Vigor 2763), \u0434\u043e 4.5.1 (Vigor 2765), \u0434\u043e 4.5.1 (Vigor 2766), \u0434\u043e 4.5.1 (Vigor 2865 LTE), \u0434\u043e 4.5.1 (Vigor 2865L-5G), \u0434\u043e 4.5.1 (Vigor 2866), \u0434\u043e 4.5.1 (Vigor2866 LTE), \u0434\u043e 4.5.1 (Vigor 2927), \u0434\u043e 4.5.1 (Vigor2927 LTE), \u0434\u043e 4.5.1 (Vigor 2927L-5G), \u0434\u043e 4.4.6.1 (Vigor 2915), \u0434\u043e 3.9.9.12 (Vigor 2862), \u0434\u043e 3.9.9.12 (Vigor 2862 LTE), \u0434\u043e 3.9.9.12 (Vigor 2926), \u0434\u043e 3.9.9.12 (Vigor 2926 LTE), \u0434\u043e 3.9.8.8 (Vigor 2952), \u0434\u043e 3.9.8.8 (Vigor 2952P), \u0434\u043e 3.9.8.8 (Vigor 3220), \u0434\u043e 3.9.8.6 (Vigor 2860), \u0434\u043e 3.9.8.6 (Vigor 2860 LTE), \u0434\u043e 3.9.8.6 (Vigor 2925), \u0434\u043e 3.9.8.6 (Vigor 2925 LTE), \u0434\u043e 3.9.9.4 (Vigor 2133), \u0434\u043e 3.9.9.4 (Vigor 2762), \u0434\u043e 3.9.9.4 (Vigor 2832), \u0434\u043e 3.9.9.5 (Vigor 2620), \u0434\u043e 3.9.9.5 (Vigor LTE 200n)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "02.10.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.10.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.10.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-13369",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-10547",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Vigor 1000B, Vigor 2962, Vigor 3910, Vigor 3912, Vigor 2135, Vigor 2763, Vigor 2765, Vigor 2766, Vigor 2865 LTE, Vigor 2865L-5G, Vigor 2866, Vigor2866 LTE, Vigor 2927, Vigor2927 LTE, Vigor 2927L-5G, Vigor 2915, Vigor 2862, Vigor 2862 LTE, Vigor 2926, Vigor 2926 LTE, Vigor 2952, Vigor 2952P, Vigor 3220, Vigor 2860, Vigor 2860 LTE, Vigor 2925, Vigor 2925 LTE, Vigor 2133, Vigor 2762, Vigor 2832, Vigor 2620, Vigor LTE 200n",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 HTTP CGI Request Handler \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 DrayTek Vigor, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u044b\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 (CWE-456)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 HTTP CGI Request Handler \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 DrayTek Vigor \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u044b\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities/\nhttps://xakep.ru/2025/10/03/cve-2025-10547/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-456",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

FKIE_CVE-2025-10547

Vulnerability from fkie_nvd - Published: 2025-10-03 12:15 - Updated: 2026-04-15 00:35

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	cret@cert.org	https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities/
	af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/294418

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption."
    }
  ],
  "id": "CVE-2025-10547",
  "lastModified": "2026-04-15T00:35:42.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-10-03T12:15:42.993",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.kb.cert.org/vuls/id/294418"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred"
}

GHSA-CRJF-W852-343R

Vulnerability from github – Published: 2025-10-03 12:33 – Updated: 2025-11-05 00:31

Details

Severity

8.8 (High)


                  
                    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-10547"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-03T12:15:42Z",
    "severity": "HIGH"
  },
  "details": "An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.",
  "id": "GHSA-crjf-w852-343r",
  "modified": "2025-11-05T00:31:29Z",
  "published": "2025-10-03T12:33:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10547"
    },
    {
      "type": "WEB",
      "url": "https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/294418"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-10547 (GCVE-0-2025-10547)

BDU:2025-13369

FKIE_CVE-2025-10547

GHSA-CRJF-W852-343R

Tags

Sightings

Nomenclature