CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-43283

An issue was discovered on Victure WR1200 devices through 1.0.3. A command injection vulnerability was found within the web interface of the device, allowing an attacker with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges. This occurs in the ping and traceroute features. An attacker would thus be able to use this vulnerability to open a reverse shell on the device with root privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.033

EPSS Ranking 86.6%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

https://research.nccgroup.com/2021/11/12/technical-advisory-multiple-vulnerabilities-in-victure-wr1200-wifi-router-cve-2021-43282-cve-2021-43283-cve-2021-43284/
https://www.nccgroup.trust/us/our-research/?research=Technical+advisories
https://research.nccgroup.com/2021/11/12/technical-advisory-multiple-vulnerabilities-in-victure-wr1200-wifi-router-cve-2021-43282-cve-2021-43283-cve-2021-43284/
https://www.nccgroup.trust/us/our-research/?research=Technical+advisories

Products affected by CVE-2021-43283

Govicture » Wr1200 » Version: N/A

cpe:2.3:h:govicture:wr1200:-
Govicture » Wr1200 Firmware » Version: N/A

cpe:2.3:o:govicture:wr1200_firmware:-
Govicture » Wr1200 Firmware » Version: 1.0.3

cpe:2.3:o:govicture:wr1200_firmware:1.0.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-43283

Products

Pricing

Contact Us