Imagine your Wi-Fi router turning into a playground for hackers. That's the risk that a lot of people who use a DrayTek Vigor router are exposed to at this moment.
What's going on?
DrayTek has issued a notice about a critical vulnerability that allows attackers to run code remotely on several Vigor routers. The vulnerability, tracked as CVE-2025-10547, can be exploited without a password.
How does it work?
By sending specially crafted web requests to the router's WebUI, an attacker can do one of the following:
• Corrupt the router's memory;
• Cause the system to crash; or
• Gain full remote code execution on the device.
Could you imagine someone taking control of your internet?
Which models are impacted?
There are many models affected. A few examples include:
• Vigor1000B, Vigor2962, Vigor3910/3912 - Update to 4.4.3.6+
• Vigor2135, 2763/65/66, 2865/66, 2927 (LTE/5G) - Update to 4.5.1+
• Vigor2915 Series - Update to 4.4.6.1+
• Vigor2862/2926 (LTE) - Update to 3.9.9.12+
• Older models such as Vigor2860, 2925, 2133, 2762, 2832 - Updates available as well.
So basically if you have a Vigor router, you should check to see if updates are available now.
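As an added example (not code from DrayTek or from the original article), the check below compares a device inventory against the fixed versions listed above. The expansion of the shorthand model numbers, the sample inventory and the model "Vigor9999" are assumptions made for illustration.

```python
import re

# Fixed firmware per model number, transcribed from the list above. Expanding the
# article's shorthand (e.g. "2763/65/66") into full numbers is an assumption.
FIXED = {
    "4.4.3.6": ["1000", "2962", "3910", "3912"],
    "4.5.1": ["2135", "2763", "2765", "2766", "2865", "2866", "2927"],
    "4.4.6.1": ["2915"],
    "3.9.9.12": ["2862", "2926"],
}
NO_VERSION_GIVEN = {"2860", "2925", "2133", "2762", "2832"}  # older models, no version listed
MIN_VERSION = {num: ver for ver, nums in FIXED.items() for num in nums}

def parse_version(text):
    """'3.9.9.12_STD' -> (3, 9, 9, 12); a trailing build suffix, if any, is ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def is_at_least(current, minimum):
    """Numeric, component-wise comparison; shorter versions are zero-padded."""
    a, b = parse_version(current), parse_version(minimum)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))

def check(model, firmware):
    """Classify one device as patched / vulnerable / check-vendor / not-listed."""
    m = re.search(r"vigor\s*(\d{4})", model, re.IGNORECASE)
    num = m.group(1) if m else None
    if num in MIN_VERSION:
        ok = is_at_least(firmware, MIN_VERSION[num])
        return "patched" if ok else f"vulnerable (needs {MIN_VERSION[num]}+)"
    if num in NO_VERSION_GIVEN:
        return "check-vendor (listed, but no fixed version given here)"
    return "not-listed (not in this article's list)"

# Constructed sample inventory (model, firmware); not real devices.
INVENTORY = [
    ("Vigor2927 LTE", "4.4.5.9"),
    ("Vigor2862", "3.9.9.9"),  # a plain string compare would rank this above 3.9.9.12
    ("Vigor2860", "3.9.8"),
    ("Vigor9999", "1.0"),      # hypothetical model, absent from the list
]

if __name__ == "__main__":
    for model, fw in INVENTORY:
        print(f"{model:15} {fw:10} {check(model, fw)}")
```

A "not-listed" result only means the model is absent from the examples above, since the article says many more models are affected.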
What should you do?
DrayTek states that the best remedy is to update your firmware immediately. If you are not in a position to update right now, you can:
• Disable remote WebUI or SSL VPN access
• Restrict access with ACLs/VLANs
None of these options prevents a compromise through local access (from inside your network).
So, why is this critical?
Vigor routers are commonly found in small business, medical, and professional network settings. Should an attacker breach one of these routers, they can extract data from your organization, take your operations down, or possibly install malware with significant implications.
Additionally, the researcher who discovered this vulnerability has publicly demonstrated a proof of concept with a working exploit, and will be sharing it shortly. Hackers could easily begin exploiting this in the near future.
In closing, if you have a Vigor router, please don’t hesitate: update your firmware now. It’s just like locking your doors after hearing of nearby burglaries. Better safe than sorry. So, what do you think? Will you update tonight?