Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address.
The device's default password is deterministically derived from the MAC address, which is publicly broadcast during wireless network operation. Knowing the router's MAC address—easy to intercept through passive listening—an attacker can calculate or guess the default password without any user intervention. The vulnerability is classified as CWE-521 (Weak Password Requirements), meaning there is no requirement to change the password to a strong one before first use.
An attacker can gain full unauthorized access to the router's administrative panel, enabling device takeover, network configuration changes, network traffic interception, and potential use of the router as an entry point to the internal network.
Immediately change the default administrator password to a strong, unique password unrelated to the device's MAC address. Apply patches available from the manufacturer according to references. Until updates are applied, it is recommended to restrict access to the administrative panel to the local network only and disable remote management.
Govicture RX1800 with firmware version EN_V1.0.0_r12_110933
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGovicture Rx1800
HWGovicture1.0.0Govicture Rx1800 Firmware
OSGovicturer12_110933
Related vulnerabilities
Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows attackers to enable SSH and Telnet serv...
Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a command injection vulnerability.
An issue in Victure RX1800 EN_V1.0.0_r12_110933 allows physically proximate attackers to execute arbitrary cod...
Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows a...
Victure PC530 devices allow unauthenticated TELNET access as root.