CVE-2024-53940

Summary

CVE-2024-53940 is a critical vulnerability affecting Victure RX1800 WiFi 6 Routers with software EN_V1.0.0_r12_110933 and hardware version 1.0. An issue was discovered in certain /cgi-bin/luci/admin endpoints, which are susceptible to command injection. Attackers can exploit this vulnerability by sending maliciously crafted payloads through parameters designed for the ping utility, allowing them to execute arbitrary commands with root-level permissions on the affected device. This issue poses a significant security risk, as attackers can gain complete control over the router, potentially leading to data theft, unauthorized access, or other malicious activities. Users are strongly advised to update their router software as soon as a patch becomes available to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.