Announcing unit
Digital Services Division, Office of Library and Information Services
Category: Administrative announcement    Audience: All
Subject
[Security Vulnerability Alert] DrayTek DrayOS has a high-risk security vulnerability (CVE-2025-10547). Please confirm and patch it as soon as possible.
Content
Forwarded from the National Information Security Information Sharing and Analysis Center (NISAC-200-202510-00000003)

[Description]
Researchers have discovered a Use of Uninitialized Variable vulnerability (CVE-2025-10547) in DrayTek DrayOS. An unauthenticated remote attacker can send specially crafted HTTP or HTTPS requests to the device's web interface, causing memory corruption and system crashes. Under certain conditions, it can even allow arbitrary code execution. Please verify and patch this vulnerability as soon as possible.

[Affected Platforms]
● Vigor1000B: versions before 4.4.3.6 (exclusive)
● Vigor2962: versions before 4.4.3.6 (exclusive) or before 4.4.5.1 (exclusive)
● Vigor3910: versions before 4.4.3.6 (exclusive) or before 4.4.5.1 (exclusive)
● Vigor3912: versions before 4.4.3.6 (exclusive) or before 4.4.5.1 (exclusive)
● Vigor2135: versions before 4.5.1 (exclusive)
● Vigor2763: versions before 4.5.1 (exclusive)
● Vigor2765: versions before 4.5.1 (exclusive)
● Vigor2766: versions before 4.5.1 (exclusive)
● Vigor2865 Series: versions before 4.5.1 (exclusive)
● Vigor2865 LTE Series: versions before 4.5.1 (exclusive)
● Vigor2865L-5G Series: versions before 4.5.1 (exclusive)
● Vigor2866 Series: versions before 4.5.1 (exclusive)
● Vigor2866 LTE Series: versions before 4.5.1 (exclusive)
● Vigor2927 Series: versions before 4.5.1 (exclusive)
● Vigor2927 LTE Series: versions before 4.5.1 (exclusive)
● Vigor2927L-5G Series: versions before 4.5.1 (exclusive)
● Vigor2915 Series: versions before 4.4.6.1 (exclusive)
● Vigor2862 Series: versions before 3.9.9.12 (exclusive)
● Vigor2862 LTE Series: versions before 3.9.9.12 (exclusive)
● Vigor2926 Series: versions before 3.9.9.12 (exclusive)
● Vigor2952: versions before 3.9.8.8 (exclusive)
● Vigor2952P: versions before 3.9.8.8 (exclusive)
● Vigor3220: versions before 3.9.8.8 (exclusive)
● Vigor2860 Series: versions before 3.9.8.6 (exclusive)
● Vigor2860 LTE Series: versions before 3.9.8.6 (exclusive)
● Vigor2925 Series: versions before 3.9.8.6 (exclusive)
● Vigor2925 LTE Series: versions before 3.9.8.6 (exclusive)
● Vigor2133 Series: versions before 3.9.9.4 (exclusive)
● Vigor2762 Series: versions before 3.9.9.4 (exclusive)
● Vigor2832 Series: versions before 3.9.9.4 (exclusive)
● Vigor2620 Series: versions before 3.9.9.5 (exclusive)
● VigorLTE 200n: versions before 3.9.9.5 (exclusive)

[Recommended Action]
The vendor has released a fix for this vulnerability. Please refer to the vendor's instructions to update. The URLs are as follows:
https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities/
https://www.draytek.com/zh/support/latest-firmwares/
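
An added example (not part of the forwarded advisory or DrayTek's own material): a firmware check that compares a device inventory against the thresholds in the [Affected Platforms] list. The inventory rows, the tolerance for a suffix such as `_STD`, and the branch-matching rule for models that list two thresholds are assumptions.

```python
import re

def parse_version(text):
    """'4.4.3.6_STD' -> (4, 4, 3, 6); '4.5.1' -> (4, 5, 1, 0). Suffixes are ignored."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)+)", text, re.I)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (4 - len(parts))

# First fixed version(s) -> base model numbers (LTE/L-5G/P variants share them), from [Affected Platforms].
_THRESHOLDS = {
    ("4.4.3.6",): "1000",
    ("4.4.3.6", "4.4.5.1"): "2962 3910 3912",
    ("4.5.1",): "2135 2763 2765 2766 2865 2866 2927",
    ("4.4.6.1",): "2915",
    ("3.9.9.12",): "2862 2926",
    ("3.9.8.8",): "2952 3220",
    ("3.9.8.6",): "2860 2925",
    ("3.9.9.4",): "2133 2762 2832",
    ("3.9.9.5",): "2620 200",          # 200 = VigorLTE 200n
}
FIXED = {n: sorted(map(parse_version, vs)) for vs, ns in _THRESHOLDS.items() for n in ns.split()}

def assess(model, firmware):
    """Return 'patched', 'needs-update' or 'not-listed' for one device."""
    m = re.search(r"vigor\D*(\d+)", model, re.I)
    fixed = FIXED.get(m.group(1)) if m else None
    if fixed is None:
        return "not-listed"
    have = parse_version(firmware)
    # Assumption: use the threshold on the device's own branch (first three fields), else the highest.
    same_branch = [f for f in fixed if f[:3] == have[:3]]
    floor = same_branch[0] if same_branch else max(fixed)
    return "patched" if have >= floor else "needs-update"

# Constructed sample inventory (hostnames and versions are illustrative).
INVENTORY = [
    ("edge-gw-1", "Vigor3910", "4.4.3.5"),
    ("edge-gw-2", "Vigor2962", "4.4.5.1"),
    ("branch-01", "Vigor2865L-5G", "4.5.0_STD"),
    ("lab-ap", "VigorAP 912C", "1.4.9"),
]

def audit(inventory):
    return [(host, model, fw, assess(model, fw)) for host, model, fw in inventory]

if __name__ == "__main__":
    print(*audit(INVENTORY), sep="\n")
```

A version that falls between the two listed thresholds (for example 4.4.4.x on a Vigor2962) is reported as `needs-update`, which is the conservative reading of the list.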

[References]
1. https://nvd.nist.gov/vuln/detail/CVE-2025-10547
2. https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities/
3. https://www.draytek.com/en/support/latest-firmwares/
Announcement period
2025/10/15 to 2026/4/15