CVE-2024-53937

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-53937
An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with root-level permissions. Device setup does not require this password to be changed during setup in order to utilize the device. (However, the TELNET password is dictated by the current GUI password.)

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/actuator/cve/blob/main/Victure/CVE-2024-53937.txt
https://github.com/actuator/cve/blob/main/Victure/Victure_RX1800_Security_Report.pdf
Configurations

No configuration.

History

03 Dec 2024, 19:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
CWE CWE-863
Summary
  • (es) Se descubrió un problema en los dispositivos Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0). El servicio TELNET está habilitado de forma predeterminada con admin/admin como credenciales predeterminadas y está expuesto a través de la LAN. Esto permite a los atacantes ejecutar comandos arbitrarios con permisos de nivel root. La configuración del dispositivo no requiere que se cambie esta contraseña durante la configuración para poder utilizar el dispositivo. (Sin embargo, la contraseña de TELNET está determinada por la contraseña de la GUI actual).

02 Dec 2024, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-02 23:15

Updated : 2024-12-03 19:15

NVD link : CVE-2024-53937

Mitre link : CVE-2024-53937

CVE.ORG link : CVE-2024-53937

JSON object : View

Products Affected

No product.

CWE
CWE-863

Incorrect Authorization