CVE-2024-53937 Information

Description

An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933 hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with root-level permissions. Device setup does not require this password to be changed during setup in order to utilize the device. (However the TELNET password is dictated by the current GUI password.)

Reference

https://github.com/actuator/cve/blob/main/Victure/CVE-2024-53937.txt https://github.com/actuator/cve/blob/main/Victure/Victure_RX1800_Security_Report.pdf