CVE-2025-44643
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-04
Last updated on: 2025-08-05
Assigner: MITRE
Description
Description
Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could exploit this to gain unauthorized control over the routing daemon, potentially altering network routes or intercepting traffic.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| draytek | ap918r | 1.4.9 |
| draytek | ap903 | 1.4.18 |
| draytek | ap912c | 1.4.9 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves certain Draytek products where the FreeRadius-related clients.conf configuration file contains a hardcoded weak password in the secret field. This insecure permission setting can be exploited, posing a security risk.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access due to the weak hardcoded password, potentially allowing attackers to compromise confidentiality and integrity of data, and cause high impact on availability of the affected systems.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70