Insecure Permissions Vulnerability in Draytek Access Points
CVE-2025-44643

8.6HIGH

Key Information:

Vendor: Draytek
Status: Draytek Access Points
Vendor: CVE Published:; 4 August 2025

What is CVE-2025-44643?

Certain Draytek Access Points are susceptible to an Insecure Permissions issue related to the configuration of FreeRadius clients. Specifically, the hardcoding of a weak password in the clients.conf file potentially compromises the overall security, allowing unauthorized access and posing a significant risk to the network.

References

http://draytek.com

https://www.notion.so/Misconfiguration-in-Draytek-AP903-2...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 4, 2025
Vulnerability Reserved
Apr 22, 2025

JSON