PT-2025-31818 · Draytek · Draytek Ap912C +2
Published: 2025-08-04 · Updated: 2025-08-04 · CVE-2025-44643
Score: 8.6 (High)
Base vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions:
Draytek AP903 version 1.4.18
Draytek AP912C version 1.4.9
Draytek AP918R version 1.4.9
Description:
The affected Draytek products ship with insecure configurations: weak passwords are hardcoded in configuration files. Specifically, a weak password is set for the `secret` field in the FreeRADIUS `clients.conf` file and for the `password` property in the `ripd.conf` file. An attacker with network access could exploit this to gain unauthorized control over the routing daemon, potentially altering network routes or intercepting traffic.
Recommendations:
Draytek AP903 version 1.4.18: Change the hardcoded password in the `clients.conf` file and the `ripd.conf` file.
Draytek AP912C version 1.4.9: Change the hardcoded password in the `clients.conf` file and the `ripd.conf` file.
Draytek AP918R version 1.4.9: Change the hardcoded password in the `clients.conf` file and the `ripd.conf` file.
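To verify that the recommendation has been applied, the following added example (not part of the advisory and not Draytek code) scans `clients.conf` and `ripd.conf` text for weak `secret` and `password` values and reports line numbers without echoing the credential. The denylist, the 16-character threshold, and the sample configurations are assumptions constructed for illustration; the line syntax follows the usual FreeRADIUS and Quagga-style conventions.

```python
import re

# Assumption: a small constructed denylist; replace it with your own policy list.
WEAK_VALUES = {"password", "changeme", "admin", "secret", "12345678"}
MIN_LENGTH = 16  # assumed policy threshold, not taken from the advisory

# FreeRADIUS clients.conf: `secret = value` inside a client { } block.
SECRET_RE = re.compile(r'^\s*secret\s*=\s*"?([^"\s#]+)"?')
# ripd.conf: `password value` or `enable password value`; an optional
# single-digit encoding marker before the value is skipped.
PASSWORD_RE = re.compile(r'^\s*(?:enable\s+)?password\s+(?:\d\s+)?(\S+)')

def weakness(value):
    """Return a reason string if the credential looks weak, else None."""
    if value.lower() in WEAK_VALUES:
        return "common value"
    if len(value) < MIN_LENGTH:
        return f"shorter than {MIN_LENGTH} characters"
    return None

def audit(text, kind):
    """Scan config text ('clients.conf' or 'ripd.conf'); return (line, reason) pairs."""
    pattern = SECRET_RE if kind == "clients.conf" else PASSWORD_RE
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(("#", "!")):  # comment lines in either format
            continue
        match = pattern.match(line)
        if match:
            reason = weakness(match.group(1))
            if reason:
                findings.append((number, reason))
    return findings

# Constructed sample inputs (not taken from any device).
SAMPLE_CLIENTS = """client a {
    secret = changeme
}
client b {
    secret = "q7Vd2Lm9Xc4Rt8Bn1Kz6"
}
"""
SAMPLE_RIPD = """hostname ripd
password admin
enable password Hy5pW3nQ8sTz1LcA0vRe
"""

if __name__ == "__main__":
    print("clients.conf:", audit(SAMPLE_CLIENTS, "clients.conf"))
    print("ripd.conf:", audit(SAMPLE_RIPD, "ripd.conf"))
```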
Fix
Incorrect Default Permissions
Using Hardcoded Credentials