216.73.216.133

CVE-2025-44643

· Published 04/08/2025 15:15 · Modified 05/08/2025 14:34

Labels: CVE-2025-44643 2025-08-04CVE-2025-44643CWE-276[email protected]

Essential information

Published
04/08/2025 15:15
Modified
05/08/2025 14:34
Author
Creator
CVSS
8.6 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CVSS metrics

Description

Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could exploit this to gain unauthorized control over the routing daemon, potentially altering network routes or intercepting traffic.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
draytek / ap903 cpe:2.3:a:draytek:ap903:1.4.18:*:*:*:*:*:*:*
draytek / ap912c cpe:2.3:a:draytek:ap912c:1.4.9:*:*:*:*:*:*:*
draytek / ap918r cpe:2.3:a:draytek:ap918r:1.4.9:*:*:*:*:*:*:*

References