CVE-2024-53940

Name of the Vulnerable Software and Affected Versions: Victure RX1800 WiFi 6 Router version EN V1.0.0 r12 110933

Description: An issue was discovered in Victure RX1800 WiFi 6 Router devices, where certain "/cgi-bin/luci/admin" endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted payloads through parameters intended for the ping utility, enabling arbitrary command execution with root-level permissions on the device.

Recommendations: For version EN V1.0.0 r12 110933, as a temporary workaround, consider restricting access to the "/cgi-bin/luci/admin" endpoints to minimize the risk of exploitation. Avoid using parameters intended for the ping utility in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.