CVE-2024-53941

Published: Dec 2, 2024Modified: Dec 3, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default Wi-Fi PSK value via the last 4 octets of the BSSID.

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://github.com/actuator/cve/blob/main/Victure/CVE-2024-53941.txt

Source: cve@mitre.org

https://github.com/actuator/cve/blob/main/Victure/Victure_RX1800_Security_Report.pdf

Source: cve@mitre.org

Timeline

No history available yet.