Description
An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH (regardless of whether the admin password was changed on the web interface).
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.nccgroup.trust/us/our-research/?research=Technical+advisories
Exploit, Third Party Advisory x_refsource_misc
https://research.nccgroup.com/2021/11/12/technical-advisory-multiple-vulnerabilities-in-victure-wr1200-wifi-router-cve-2021-43282-cve-2021-43283-cve-2021-43284/
Scores
CVSS v3
7.8
EPSS
0.0039
EPSS Percentile
30.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (1)
govicture/wr1200_firmware
< 1.0.3
Published
Nov 30, 2021
Tracked Since
Feb 18, 2026