Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

rx1800_firmware

Source -

ADPNVD

CNA CVEs -

0

ADP CVEs -

5

CISA CVEs -

0

NVD CVEs -

4
Related CVEsRelated VendorsRelated AssignersReports
9Vulnerabilities found
CVE-2025-28200
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 23.15%
||
7 Day CHG~0.00%
Published-09 May, 2025 | 00:00
Updated-12 Jun, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address.

Action-Not Available
Vendor-govicturen/a
Product-rx1800_firmwarerx1800n/a
CWE ID-CWE-521
Weak Password Requirements
CVE-2025-28201
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 7.70%
||
7 Day CHG~0.00%
Published-09 May, 2025 | 00:00
Updated-12 Jun, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Victure RX1800 EN_V1.0.0_r12_110933 allows physically proximate attackers to execute arbitrary code or gain root access.

Action-Not Available
Vendor-govicturen/a
Product-rx1800_firmwarerx1800n/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-28202
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.06% / 19.27%
||
7 Day CHG~0.00%
Published-09 May, 2025 | 00:00
Updated-12 Jun, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows attackers to enable SSH and Telnet services without authentication.

Action-Not Available
Vendor-govicturen/a
Product-rx1800_firmwarerx1800n/a
CWE ID-CWE-862
Missing Authorization
CVE-2025-28203
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.23% / 83.85%
||
7 Day CHG~0.00%
Published-09 May, 2025 | 00:00
Updated-12 Jun, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a command injection vulnerability.

Action-Not Available
Vendor-govicturen/a
Product-rx1800_firmwarerx1800n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-53937
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 12.32%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 00:00
Updated-03 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with root-level permissions. Device setup does not require this password to be changed during setup in order to utilize the device. (However, the TELNET password is dictated by the current GUI password.)

Action-Not Available
Vendor-n/avicture
Product-n/arx1800_firmware
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-53941
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.96%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 00:00
Updated-03 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default Wi-Fi PSK value via the last 4 octets of the BSSID.

Action-Not Available
Vendor-n/avicture
Product-n/arx1800_firmware
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-53938
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.11%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 00:00
Updated-03 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achieve full control over the router remotely without any authentication.

Action-Not Available
Vendor-n/avicture
Product-n/arx1800_firmware
CWE ID-CWE-862
Missing Authorization
CVE-2024-53939
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.78% / 85.48%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 00:00
Updated-03 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The /cgi-bin/luci/admin/opsw/Dual_freq_un_apple endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute arbitrary commands on the device (with root-level permissions) via crafted input.

Action-Not Available
Vendor-n/avicture
Product-n/arx1800_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-53940
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.39% / 79.61%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 00:00
Updated-03 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted payloads through parameters intended for the ping utility, enabling arbitrary command execution with root-level permissions on the device.

Action-Not Available
Vendor-n/avicture
Product-n/arx1800_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')