CVE-2025-44643 in AP903info

Summary

by MITRE • 08/04/2025

Certain Draytek products are affected by Insecure Permissions. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the secret field in the FreeRadius-related clients.conf configuration file sets a hardcoded weak password, posing a security risk.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 08/06/2025

The vulnerability identified as CVE-2025-44643 represents a critical insecure permissions issue affecting specific Draytek network devices including the AP903 v1.4.18, AP912C v1.4.9, and AP918R v1.4.9 models. This security flaw resides within the FreeRadius-related configuration file clients.conf where a hardcoded weak password is implemented for the secret field, creating an exploitable condition that undermines the authentication mechanisms of these wireless access points. The vulnerability stems from poor security practices in configuration management where default credentials are not properly randomized or replaced with strong authentication values, leaving the devices susceptible to unauthorized access through well-known default credential attacks.

From a technical perspective, the flaw manifests in the configuration file where the secret field contains a hardcoded weak password rather than implementing proper credential generation or randomization. This configuration setting directly violates security best practices and creates a persistent backdoor that attackers can exploit to gain unauthorized access to the wireless network infrastructure. The hardcoded nature of this password means that any individual possessing knowledge of the specific vulnerability can readily compromise the affected devices, as the credentials remain static across all instances of the affected firmware versions. This weakness specifically impacts the authentication process for FreeRadius clients, which are commonly used for wireless network access control and user authentication in enterprise environments.

The operational impact of this vulnerability extends beyond simple unauthorized access, as compromised devices can serve as entry points for broader network infiltration attacks. Attackers exploiting this vulnerability can potentially gain administrative privileges on the affected access points, allowing them to modify network configurations, intercept wireless traffic, or establish persistent access to the network infrastructure. The implications are particularly severe in enterprise environments where these devices might be used for wireless network access control, as the compromise of authentication mechanisms can lead to complete network infiltration. This vulnerability aligns with CWE-798, which specifically addresses the use of hardcoded credentials, and represents a clear violation of the principle of least privilege and secure configuration management practices.

Security professionals should prioritize immediate remediation of this vulnerability through firmware updates provided by Draytek, as well as implementation of network segmentation and monitoring to detect potential exploitation attempts. The recommended mitigations include updating all affected devices to patched firmware versions, implementing strong password policies for all network devices, and conducting comprehensive network assessments to identify any other instances of hardcoded credentials. Organizations should also consider implementing network access control measures such as 802.1X authentication with strong credentials, as well as continuous monitoring for unauthorized device access or configuration changes. This vulnerability demonstrates the critical importance of proper credential management and configuration security, aligning with ATT&CK technique T1078 which addresses valid accounts and privilege escalation through compromised authentication mechanisms. The presence of such hardcoded credentials in network infrastructure devices represents a fundamental security weakness that requires immediate attention to prevent potential exploitation and maintain network integrity.

Responsible

MITRE

Reservation

04/22/2025

Disclosure

08/04/2025

Moderation

accepted

CPE

ready

EPSS

0.00243

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!