CVE-2025-44643 · HIGH 8.6 · EPSS p15.7%


Description

Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18, AP912C v1.4.9, and AP918R v1.4.9. The password property in the ripd.conf configuration file is set to a hardcoded weak password, posing a security risk. An attacker with network access could exploit this to gain unauthorized control over the routing daemon, potentially altering network routes or intercepting traffic.

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
EPSS: 0.25% probability of exploitation · percentile 15.7% · 2026-06-19T12:03:05Z
Published: 2025-08-04
Last modified: 2026-04-15

Underlying weaknesses · 2

CWE-276, CWE-798

References

  1. http://draytek.com
  2. https://www.notion.so/Misconfiguration-in-Draytek-AP903-23a54a1113e780aca7f2d21dbdab9db8


| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Incorrect Default Permissions (cwe-276) | 0% | live |
| Weakness | Use of Hard-coded Credentials (cwe-798) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-55848
  2. CVE-2026-9210
  3. CVE-2026-9211
  4. CVE-2026-0417
  5. CVE-2025-44083
  6. CVE-2026-9212

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.