CVE-2025-44643

August 4, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-44643
Type cve
Published 2025-08-04T15:15:32
Last Seen 2025-08-04T15:21:33
Modified 2025-08-04T15:15:32

CVSS Information

Base Score 8.6 (HIGH)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Analysis

AI Description Draytek Vigor products are affected by insecure permissions due to a hardcoded weak password in the FreeRadius clients.conf configuration file. This vulnerability impacts versions AP903 v1.4.18, AP912C v1.4.9, and AP918R v1.4.9, posing a security risk.
AI Severity High
AI Vendor Draytek
AI Product Draytek Vigor
AI Version AP903 v1.4.18, AP912C v1.4.9, AP918R v1.4.9

Additional Information

CVE List CVE-2025-44643
CWE List CWE-276, CWE-798
Bulletin Family cve

Description

Certain Draytek products are affected by Insecure Permissions. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the secret field in the FreeRadius-related clients.conf configuration file sets a hardcoded weak password, posing a security risk.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.