A critical vulnerability affecting DrayOS routers could let unauthenticated attackers execute code remotely.
Discovered on July 22 by Pierre-Yves Maes of ChapsVision, the flaw stems from the use of an uninitialized variable in the Web User Interface (WebUI).
Crafting special HTTP or HTTPS requests to the WebUI triggers memory corruption, potentially crashing the device or allowing remote code execution in specific scenarios.
https://gbhackers.com/drayos-router-flaw/