Victure RX1800 Arbitrary Code Execution and Root Access Vulnerability

A vulnerability in the Victure RX1800 Wi-Fi router, running firmware version EN_V1.0.0_r12_110933, allows physically proximate attackers to execute arbitrary code or gain root access. This issue is exploitable through an unprotected UART interface.

Impact

Exploitation of this vulnerability provides unauthorized access to the device with root privileges, allowing for complete control over the router's functions and settings.

Reproduction

The vulnerability can be reproduced by accessing the router's UART pins with a USB-to-Serial adapter. After connecting to the UART interface and establishing a serial communication session, the device can be rebooted to access the U-Boot bootloader. From there, the firmware can be dumped and analyzed for vulnerabilities. Once a vulnerability is identified, such as an authentication bypass, it can be exploited to execute commands on the router with root privileges.

Remediation

No official fix is available for this vulnerability. Users are advised to replace the Victure RX1800 router with a more reputable brand.