Vendor of Product: Draytek
Affected Product and Version: AP903 v1.4.18
Description:
In Draytek AP903 v1.4.18, there is a insecure configuration vulnerability. The setting of the password
property in the ripd.conf
configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could exploit this to gain unauthorized control over the routing daemon, potentially altering network routes or intercepting traffic.
Detail:
In the Draytek AP903
firmware, the content of /etc/quagga/ripd.conf
is as follows.
password zebra
!
access-list vty permit 127.0.0.0/8
access-list vty deny any
!
line vty
access-class vty
Obviously, there is a misconfiguration vulnerability here. The developers directly hard-coded the weak password zebra
into the ripd.conf
configuration file in the firmware, and the attacker can directly obtain the password by extracting the file system from the Draytek AP903
firmware.
An attacker with network access could exploit this hardcoded weak password to gain unauthorized control over the routing daemon, potentially altering network routes or intercepting traffic.