CVE-2024-53939

Name of the Vulnerable Software and Affected Versions: Victure RX1800 WiFi 6 Router version EN V1.0.0 r12 110933

Description: A problem was discovered in Victure RX1800 WiFi 6 Router devices. The "/cgi-bin/luci/admin/opsw/Dual freq un apple" endpoint is vulnerable to command injection through the name parameters of 2.4 GHz and 5 GHz, allowing an attacker to execute arbitrary commands on the device with root-level permissions via crafted input.

Recommendations: For Victure RX1800 WiFi 6 Router version EN V1.0.0 r12 110933, as a temporary workaround, consider disabling access to the "/cgi-bin/luci/admin/opsw/Dual freq un apple" endpoint until a patch is available. Restrict input for the name parameters of 2.4 GHz and 5 GHz frequencies to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.