Victure
Products
5- 5 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 1 CVE
Recent CVEs
17| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-28200 | Cri | 0.64 | 9.8 | 0.01 | May 9, 2025 | Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address. | ||
| CVE-2019-15940 | Cri | 0.64 | 9.8 | 0.02 | Oct 1, 2019 | Victure PC530 devices allow unauthenticated TELNET access as root. | ||
| CVE-2020-15744 | Cri | 0.63 | 9.6 | 0.01 | Aug 30, 2021 | Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows an attacker to execute remote code on the target device. This issue affects: Victure PC420 firmware version 1.2.2 and prior versions. | ||
| CVE-2021-43283 | Hig | 0.58 | 8.8 | 0.05 | Nov 30, 2021 | An issue was discovered on Victure WR1200 devices through 1.0.3. A command injection vulnerability was found within the web interface of the device, allowing an attacker with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges.… | ||
| CVE-2025-28203 | Hig | 0.57 | 8.8 | 0.01 | May 9, 2025 | Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a command injection vulnerability. | ||
| CVE-2025-28202 | Hig | 0.57 | 8.8 | 0.00 | May 9, 2025 | Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows attackers to enable SSH and Telnet services without authentication. | ||
| CVE-2024-53937 | Hig | 0.57 | 8.8 | 0.00 | Dec 2, 2024 | An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with… | ||
| CVE-2024-53941 | Hig | 0.57 | 8.8 | 0.01 | Dec 2, 2024 | An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default Wi-Fi PSK value via the last 4 octets of the BSSID. | ||
| CVE-2024-53940 | Hig | 0.57 | 8.8 | 0.02 | Dec 2, 2024 | An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted payloads through parameters intended for the… | ||
| CVE-2024-53939 | Hig | 0.57 | 8.8 | 0.03 | Dec 2, 2024 | An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The /cgi-bin/luci/admin/opsw/Dual_freq_un_apple endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz name parameters, allowing an attacker to… | ||
| CVE-2024-53938 | Hig | 0.57 | 8.8 | 0.00 | Dec 2, 2024 | An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achieve full control over… | ||
| CVE-2023-41612 | Hig | 0.57 | 8.8 | 0.00 | Sep 18, 2024 | Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat on the Micro SD card. | ||
| CVE-2023-41610 | Hig | 0.57 | 8.8 | 0.00 | Sep 18, 2024 | Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext. | ||
| CVE-2021-43284 | Hig | 0.51 | 7.8 | 0.00 | Nov 30, 2021 | An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH (regardless of whether the admin password was changed on the web… | ||
| CVE-2025-28201 | Med | 0.44 | 6.8 | 0.00 | May 9, 2025 | An issue in Victure RX1800 EN_V1.0.0_r12_110933 allows physically proximate attackers to execute arbitrary code or gain root access. | ||
| CVE-2023-41611 | Med | 0.42 | 6.5 | 0.00 | Sep 18, 2024 | Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data. | ||
| CVE-2021-43282 | Med | 0.42 | 6.5 | 0.01 | Nov 30, 2021 | An issue was discovered on Victure WR1200 devices through 1.0.3. The default Wi-Fi WPA2 key is advertised to anyone within Wi-Fi range through the router's MAC address. The device default Wi-Fi password corresponds to the last 4 bytes of the MAC address of its 2.4 GHz network… |
- risk 0.64cvss 9.8epss 0.01
Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address.
- risk 0.64cvss 9.8epss 0.02
Victure PC530 devices allow unauthenticated TELNET access as root.
- risk 0.63cvss 9.6epss 0.01
Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows an attacker to execute remote code on the target device. This issue affects: Victure PC420 firmware version 1.2.2 and prior versions.
- risk 0.58cvss 8.8epss 0.05
An issue was discovered on Victure WR1200 devices through 1.0.3. A command injection vulnerability was found within the web interface of the device, allowing an attacker with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges.…
- risk 0.57cvss 8.8epss 0.01
Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a command injection vulnerability.
- risk 0.57cvss 8.8epss 0.00
Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows attackers to enable SSH and Telnet services without authentication.
- risk 0.57cvss 8.8epss 0.00
An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with…
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default Wi-Fi PSK value via the last 4 octets of the BSSID.
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted payloads through parameters intended for the…
- risk 0.57cvss 8.8epss 0.03
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The /cgi-bin/luci/admin/opsw/Dual_freq_un_apple endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz name parameters, allowing an attacker to…
- risk 0.57cvss 8.8epss 0.00
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achieve full control over…
- risk 0.57cvss 8.8epss 0.00
Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat on the Micro SD card.
- risk 0.57cvss 8.8epss 0.00
Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext.
- risk 0.51cvss 7.8epss 0.00
An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH (regardless of whether the admin password was changed on the web…
- risk 0.44cvss 6.8epss 0.00
An issue in Victure RX1800 EN_V1.0.0_r12_110933 allows physically proximate attackers to execute arbitrary code or gain root access.
- risk 0.42cvss 6.5epss 0.00
Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data.
- risk 0.42cvss 6.5epss 0.01
An issue was discovered on Victure WR1200 devices through 1.0.3. The default Wi-Fi WPA2 key is advertised to anyone within Wi-Fi range through the router's MAC address. The device default Wi-Fi password corresponds to the last 4 bytes of the MAC address of its 2.4 GHz network…