Primary

Context

Draytek Access Points Insecure Configuration Vulnerability Allowing Unauthorized Control Over Routing Daemon

Vulnerability

A vulnerability exists in certain Draytek access point models, specifically the AP903 running version 1.4.18, and the AP912C and AP918R both on version 1.4.9. These models are affected by an insecure configuration that introduces a hardcoded weak password in the ripd.conf file. This flaw allows an attacker with network access to gain unauthorized control over the routing daemon, potentially leading to unauthorized changes in network routes or interception of traffic.

Impact

Exploitation of this vulnerability could allow an attacker to gain unauthorized control over the routing daemon, with the potential to alter network routes or intercept traffic.

Added: Aug 4, 2025, 3:21 PM

Updated: Aug 4, 2025, 4:31 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.0

exploitability

7.0

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.0

exploitability

7.0

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Draytek Access Points Insecure Configuration Vulnerability Allowing Unauthorized Control Over Routing Daemon

Vulnerability

Impact

Affected Products

Draytek AP912C

Draytek AP918R

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating