CVE-2021-43284

Опубликовано: 30 нояб. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH (regardless of whether the admin password was changed on the web interface).

Ссылки

https://research.nccgroup.com/2021/11/12/technical-advisory-multiple-vulnerabilities-in-victure-wr1200-wifi-router-cve-2021-43282-cve-2021-43283-cve-2021-43284/
Exploit
Third Party Advisory
https://www.nccgroup.trust/us/our-research/?research=Technical+advisories
Exploit
Third Party Advisory
https://research.nccgroup.com/2021/11/12/technical-advisory-multiple-vulnerabilities-in-victure-wr1200-wifi-router-cve-2021-43282-cve-2021-43283-cve-2021-43284/
Exploit
Third Party Advisory
https://www.nccgroup.trust/us/our-research/?research=Technical+advisories
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:govicture:wr1200_firmware:*:*:*:*:*:*:*:*

Версия до 1.0.3 (включая)

cpe:2.3:h:govicture:wr1200:-:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00122

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-xr37-95p8-x373

github

около 4 лет назад