Vulnerability Details CVE-2021-43284
An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH (regardless of whether the admin password was changed on the web interface).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.8%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- https://research.nccgroup.com/2021/11/12/technical-advisory-multiple-vulnerabilities-in-victure-wr1200-wifi-router-cve-2021-43282-cve-2021-43283-cve-2021-43284/
- https://www.nccgroup.trust/us/our-research/?research=Technical+advisories
- https://research.nccgroup.com/2021/11/12/technical-advisory-multiple-vulnerabilities-in-victure-wr1200-wifi-router-cve-2021-43282-cve-2021-43283-cve-2021-43284/
- https://www.nccgroup.trust/us/our-research/?research=Technical+advisories
Products affected by CVE-2021-43284
-
cpe:2.3:h:govicture:wr1200:-
-
cpe:2.3:o:govicture:wr1200_firmware:-
-
cpe:2.3:o:govicture:wr1200_firmware:1.0.3