ГлавнаяУязвимости → CVE-2025-10547
9.8критическая

CVE-2025-10547

→ есть в БДУ: BDU:2025-13369 (на русском)
Описание (на английском; русское — в БДУ выше)

An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.

CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities/https://www.kb.cert.org/vuls/id/294418