CVE-2021-43282

low-risk
Published 2021-11-30

An issue was discovered on Victure WR1200 devices through 1.0.3. The default Wi-Fi WPA2 key is advertised to anyone within Wi-Fi range through the router's MAC address. The device default Wi-Fi password corresponds to the last 4 bytes of the MAC address of its 2.4 GHz network interface controller (NIC). An attacker within scanning range of the Wi-Fi network can thus scan for Wi-Fi networks to obtain the default key.

Do I need to act?

-
0.18% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
ADJACENT_NETWORK / LOW complexity

Affected Products (1)

Wr1200 Firmware

Affected Vendors

Govicture

References (4)

Exploit https://research.nccgroup.com/2021/11/12/technical-advisory-multiple-vulnerabili...
Exploit https://www.nccgroup.trust/us/our-research/?research=Technical+advisories
Exploit https://research.nccgroup.com/2021/11/12/technical-advisory-multiple-vulnerabili...
Exploit https://www.nccgroup.trust/us/our-research/?research=Technical+advisories
27
/ 100
low-risk
Severity 21/34 · High
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal