CVE-2021-43282

An issue was discovered on Victure WR1200 devices through 1.0.3. The default Wi-Fi WPA2 key is advertised to anyone within Wi-Fi range through the router's MAC address. The device default Wi-Fi password corresponds to the last 4 bytes of the MAC address of its 2.4 GHz network interface controller (NIC). An attacker within scanning range of the Wi-Fi network can thus scan for Wi-Fi networks to obtain the default key.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:govicture:wr1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:govicture:wr1200:-:*:*:*:*:*:*:*

History

03 Dec 2021, 15:56

Type Values Removed Values Added
References (MISC) https://www.nccgroup.trust/us/our-research/?research=Technical+advisories - (MISC) https://www.nccgroup.trust/us/our-research/?research=Technical+advisories - Exploit, Third Party Advisory
References (MISC) https://research.nccgroup.com/2021/11/12/technical-advisory-multiple-vulnerabilities-in-victure-wr1200-wifi-router-cve-2021-43282-cve-2021-43283-cve-2021-43284/ - (MISC) https://research.nccgroup.com/2021/11/12/technical-advisory-multiple-vulnerabilities-in-victure-wr1200-wifi-router-cve-2021-43282-cve-2021-43283-cve-2021-43284/ - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 3.3
v3 : 6.5
CPE cpe:2.3:o:govicture:wr1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:govicture:wr1200:-:*:*:*:*:*:*:*
CWE CWE-798

30 Nov 2021, 19:37

Type Values Removed Values Added
New CVE

Information

Published : 2021-11-30 19:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-43282

Mitre link : CVE-2021-43282

CVE.ORG link : CVE-2021-43282


JSON object : View

Products Affected

govicture

  • wr1200
  • wr1200_firmware
CWE
CWE-798

Use of Hard-coded Credentials