PT-2024-35980 · Victure · Victure Rx1800 Wifi 6 Router
Edward Warren
·
Published
2024-12-02
·
Updated
2024-12-03
·
CVE-2024-53938
CVSS v3.1
8.8
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Victure RX1800 WiFi 6 Router version EN V1.0.0 r12 110933
Description:
A problem was discovered in Victure RX1800 WiFi 6 Router devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achieve full control over the router remotely without any authentication.
Recommendations:
For version EN V1.0.0 r12 110933, consider disabling the TELNET service to prevent unauthorized access until a patch is available. Restrict access to the LAN to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Victure Rx1800 Wifi 6 Router