PT-2025-31818 · Draytek · Draytek Ap918R+2
Published 2025-08-04 · Updated 2025-09-28
CVE-2025-44643
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions
Draytek AP903 version 1.4.18
Draytek AP912C version 1.4.9
Draytek AP918R version 1.4.9
Description
The Draytek products are susceptible to insecure configurations due to hardcoded weak passwords within configuration files. Specifically, a weak password is set for the secret field in the clients.conf file related to FreeRADIUS, and for the password property in the ripd.conf file. An attacker with network access could exploit this to gain unauthorized control over the routing daemon, potentially altering network routes or intercepting traffic.
Recommendations
Draytek AP903 version 1.4.18: Change the hardcoded password in the clients.conf file and the ripd.conf file.
Draytek AP912C version 1.4.9: Change the hardcoded password in the clients.conf file and the ripd.conf file.
Draytek AP918R version 1.4.9: Change the hardcoded password in the clients.conf file and the ripd.conf file.
Fix
Incorrect Default Permissions
Using Hardcoded Credentials
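To verify that the secret in clients.conf and the password in ripd.conf were actually changed to strong values, the following added example (not code from the advisory or from Draytek) audits both files and reports line numbers without echoing the credentials. The weak-value list, the 16-character threshold, the Quagga/FRR-style `password` syntax assumed for ripd.conf, and the sample files are assumptions constructed for illustration.

```python
import re

# Constructed examples of weak values (assumption); extend with your own wordlist.
WEAK_VALUES = {"password", "secret", "admin", "changeme", "12345678"}
MIN_LENGTH = 16  # assumed policy threshold, not taken from the advisory
PATTERNS = {
    # FreeRADIUS client entries: secret = value (optionally quoted)
    "clients.conf": re.compile(r'^\s*secret\s*=\s*"?([^"\s#]+)'),
    # "password X" / "enable password X"; the encrypted "password 8 <hash>" form is skipped
    "ripd.conf": re.compile(r'^\s*(?:enable\s+)?password\s+(?!8\s)(\S+)'),
}

def audit(kind, text):
    """Return [(line_number, reasons)] for weak credentials; values are never echoed."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = PATTERNS[kind].match(line)
        if not match:
            continue
        value, reasons = match.group(1), []
        if value.lower() in WEAK_VALUES:
            reasons.append("common value")
        if len(value) < MIN_LENGTH:
            reasons.append(f"shorter than {MIN_LENGTH} characters")
        if reasons:
            findings.append((number, reasons))
    return findings

# Constructed sample files, not extracted from any firmware image.
SAMPLE_CLIENTS = """\
client localhost {
    ipaddr = 127.0.0.1
    secret = changeme
}
client ap-mgmt {
    ipaddr = 192.0.2.10
    secret = "q7Vh2mXc9LrT4wZp8KsD1nBf"
}
"""
SAMPLE_RIPD = """\
! constructed sample
hostname ripd
password admin
enable password 8 $1$abcdefgh
"""

if __name__ == "__main__":
    for kind, text in (("clients.conf", SAMPLE_CLIENTS), ("ripd.conf", SAMPLE_RIPD)):
        for number, reasons in audit(kind, text):
            print(f"{kind}:{number}: {', '.join(reasons)}")
```

An empty result for both files means every plaintext secret passed the length and wordlist checks; it does not show that the value is unique per device.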
Related Identifiers
Affected Products
Draytek Ap903
Draytek Ap912C
Draytek Ap918R