Victure RX1800 Incorrect Access Control Vulnerability Allowing Unauthorized Activation of SSH and Telnet Services

A vulnerability in the Victure RX1800 router, running firmware version EN_V1.0.0_r12_110933, allows attackers to enable SSH and Telnet services without authentication. This flaw arises from improper access control, leaving these services exposed by default. The vulnerability can be exploited by anyone with access to the router's Wi-Fi network.

Impact

Exploitation of this vulnerability grants unauthorized access to SSH and Telnet services, allowing for remote code execution or root access on the device.

Reproduction

To reproduce this vulnerability, connect to the Victure RX1800 router's Wi-Fi network. Once connected, send a request to the router's web interface, specifically to the 'ZeroSetting' endpoint under the 'admin' system. This can be done using a tool like curl. The request should include the 'area' parameter with a value that includes a command to be executed. After the request is sent, the command will be executed on the router, and the response will confirm the action.