CRITICAL🇵🇱 Wersja polska

CVE-2025-28200

CVSS 9.8v3.1pub. 2025-05-09upd. 2026-07-05

Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address.

🤖 AI Analysis
How it works

The device's default password is deterministically derived from the MAC address, which is publicly broadcast during wireless network operation. Knowing the router's MAC address—easy to intercept through passive listening—an attacker can calculate or guess the default password without any user intervention. The vulnerability is classified as CWE-521 (Weak Password Requirements), meaning there is no requirement to change the password to a strong one before first use.

Impact

An attacker can gain full unauthorized access to the router's administrative panel, enabling device takeover, network configuration changes, network traffic interception, and potential use of the router as an entry point to the internal network.

Mitigation & patch

Immediately change the default administrator password to a strong, unique password unrelated to the device's MAC address. Apply patches available from the manufacturer according to references. Until updates are applied, it is recommended to restrict access to the administrative panel to the local network only and disable remote management.

Who is affected

Govicture RX1800 with firmware version EN_V1.0.0_r12_110933

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Govicture Rx1800

    HW
    Govicture
    1.0.0
  • Govicture Rx1800 Firmware

    OS
    Govicture
    r12_110933
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-28202HIGH8.8ten sam produkt

Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows attackers to enable SSH and Telnet serv...

CVE-2025-28203HIGH8.8ten sam produkt

Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a command injection vulnerability.

CVE-2025-28201MEDIUM6.8ten sam produkt

An issue in Victure RX1800 EN_V1.0.0_r12_110933 allows physically proximate attackers to execute arbitrary cod...

CVE-2020-15744CRITICAL9.6ten sam vendor

Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows a...

CVE-2019-15940CRITICAL9.8ten sam vendor

Victure PC530 devices allow unauthenticated TELNET access as root.