CVE-2024-53940

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published: Dec 2, 2024
Updated: Dec 3, 2024
CWE ID: 78

Summary

CVE-2024-53940 is a high-severity OS command injection vulnerability (CWE-78) affecting Victure RX1800 WiFi 6 Routers with software EN_V1.0.0_r12_110933 and hardware version 1.0. Certain /cgi-bin/luci/admin endpoints are susceptible to command injection: an attacker can send specially crafted payloads through the parameters intended for the ping utility, and the injected commands execute with root-level permissions on the device. Successful exploitation could lead to unauthorized access, data theft, or full device takeover. Users are strongly advised to update their routers as soon as a patch becomes available.
