PT-2024-35979 · Victure · Victure Rx1800 Wifi 6 Router

Edward Warren · Published 2024-12-02 · Updated 2024-12-03 · CVE-2024-53937

CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Victure RX1800 WiFi 6 Router version EN V1.0.0 r12 110933

Description: An issue was discovered in Victure RX1800 WiFi 6 Router devices: the TELNET service is enabled by default with admin/admin as the default credentials and is exposed over the LAN. This allows attackers to execute arbitrary commands with root-level permissions. Initial setup does not require this password to be changed before the device can be used. The TELNET password is dictated by the current GUI password.

Recommendations: To resolve the issue, change the default TELNET password to a strong and unique password. As a temporary workaround, consider disabling the TELNET service until a patch is available. Also change the GUI password to a strong and unique password, as it dictates the TELNET password.

Weakness Enumeration: Incorrect Authorization

Related Identifiers: CVE-2024-53937

Affected Products: Victure Rx1800 Wifi 6 Router