PT-2021-23804 · Victure · Victure Wr1200
Published
2021-11-30
·
Updated
2021-12-03
·
CVE-2021-43284
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Victure WR1200 versions 1.0.0 through 1.0.3
Description
An issue was discovered where the root SSH password never gets updated from its default value of
admin. This enables an attacker to gain control of the device through SSH, regardless of whether the admin password was changed on the web interface.Recommendations
For Victure WR1200 versions 1.0.0 through 1.0.3, update the root SSH password from the default value of
admin to a unique and secure password to prevent unauthorized access.Exploit
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Victure Wr1200