Vendor of Product: Draytek

Affected Product and Version: AP903 v1.4.18

Description: In Draytek AP903 v1.4.18, there is a insecure configuration vulnerability. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could exploit this to gain unauthorized control over the routing daemon, potentially altering network routes or intercepting traffic.

Detail:

In the Draytek AP903 firmware, the content of /etc/quagga/ripd.conf is as follows.

password zebra
!
access-list vty permit 127.0.0.0/8
access-list vty deny any
!
line vty
 access-class vty

Obviously, there is a misconfiguration vulnerability here. The developers directly hard-coded the weak password zebra into the ripd.conf configuration file in the firmware, and the attacker can directly obtain the password by extracting the file system from the Draytek AP903 firmware.

An attacker with network access could exploit this hardcoded weak password to gain unauthorized control over the routing daemon, potentially altering network routes or intercepting traffic.