CVE-2024-53938

HIGH

Victure RX1800 WiFi 6 Router - Info Disclosure

Title source: llm

Description

An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achieve full control over the router remotely without any authentication.

References (2)

Core 2

Core References

Various Sources

https://github.com/actuator/cve/blob/main/Victure/CVE-2024-53938.txt

Various Sources

https://github.com/actuator/cve/blob/main/Victure/Victure_RX1800_Security_Report.pdf

View Writeup ZIP pw:eip

Scores

CVSS v3 8.8

EPSS 0.0017

EPSS Percentile 38.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-862

Status published

Published Dec 02, 2024

Tracked Since Feb 18, 2026