DrayTek Vigor router CVE-2025-10547 mitigation advisory
Advisory/Mitigation
Summary
DrayTek issued mitigation guidance for CVE-2025-10547 affecting multiple Vigor router models, because unauthenticated remote requests to the WebUI can lead to memory corruption and potential remote code execution. Administrators are told to reduce WAN exposure and apply the listed firmware updates to the impacted devices. The advisory matters because the flaw is reachable over network requests and can affect widely deployed small-business and prosumer routers.
Timeline
- 02.10.2025 20:37 · 1 article
CVE-2025-10547 reported to DrayTek
Initial Disclosure
ChapsVision security researcher Pierre-Yves Maes reported CVE-2025-10547 to DrayTek on July 22, beginning the disclosure timeline for a vulnerability in several Vigor router models that can be triggered by crafted HTTP or HTTPS requests to the WebUI.
Sources:
- DrayTek warns of remote code execution bug in Vigor routers — www.bleepingcomputer.com — 02.10.2025 20:37
- 02.10.2025 20:37 · 2 articles
DrayTek advisory adds mitigation and firmware updates
Mitigation Patch Update
On 2025-10-02, DrayTek released a security advisory for CVE-2025-10547 affecting multiple Vigor router models. It warns that unauthenticated remote attackers can send crafted HTTP or HTTPS requests to the WebUI and cause memory corruption, a system crash, and potential remote code execution. DrayTek advised disabling remote WebUI/SSL VPN access or restricting it with ACLs/VLANs, and applying the available firmware security updates. Maes said he successfully tested an exploit on DrayTek devices and would disclose the full technical details tomorrow.
Sources:
- DrayTek warns of remote code execution bug in Vigor routers — www.bleepingcomputer.com — 02.10.2025 20:37