CVE-2024-53937: n/a
An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. This allows attackers to execute arbitrary commands with root-level permissions. Device setup does not require this password to be changed during setup in order to utilize the device. (However, the TELNET password is dictated by the current GUI password.)
AI Analysis
Technical Summary
CVE-2024-53937 affects the Victure RX1800 WiFi 6 Router, specifically software version EN_V1.0.0_r12_110933 on hardware version 1.0. The root cause is that the TELNET service is enabled by default and reachable over the LAN interface, with default credentials of admin/admin. Any attacker with local network access can therefore log in to the TELNET service with those default credentials and execute arbitrary commands with root-level privileges. The TELNET password is linked to the GUI password, but the device setup process does not mandate changing this password, so a device stays vulnerable if the default or a weak GUI password is kept. The vulnerability is classified under CWE-863 (Incorrect Authorization), indicating a failure to properly restrict access to privileged functions. The CVSS v3.1 base score is 8.8 (high), reflecting the low attack complexity, no required privileges or user interaction, and the complete compromise potential (confidentiality, integrity, and availability). Although no public exploits have been reported yet, the nature of the vulnerability makes it a prime target for attackers seeking persistent, root-level control over affected routers. This can lead to network traffic interception, device manipulation, or pivoting attacks within the local network.
Potential Impact
The impact of CVE-2024-53937 is significant for organizations using the Victure RX1800 WiFi 6 Router. Attackers gaining root access can fully control the device, potentially intercepting or modifying network traffic, deploying malware, or using the router as a foothold for lateral movement within corporate or home networks. This compromises confidentiality by exposing sensitive data, integrity by allowing unauthorized changes to device configurations or network traffic, and availability by enabling denial-of-service attacks or device bricking. Since the TELNET service is exposed over LAN, any attacker with local network access—such as a compromised device, guest user, or malicious insider—can exploit this vulnerability. This risk extends to environments with poor network segmentation or where WiFi networks are shared with untrusted users. The lack of enforced password changes during setup exacerbates the risk, as many users may retain default or weak credentials. The vulnerability could disrupt business operations, lead to data breaches, or facilitate further attacks on connected systems.
Mitigation Recommendations
To mitigate CVE-2024-53937, organizations should immediately disable the TELNET service on all affected Victure RX1800 routers to eliminate the attack vector. If disabling TELNET is not possible, change the GUI password from the default admin/admin to a strong, unique password; the TELNET password is dictated by the current GUI password, so this changes the TELNET credentials as well. Network administrators should implement strict network segmentation to restrict LAN access to trusted devices only. Monitoring network traffic for unusual TELNET connections can help detect exploitation attempts. Since no official patches are currently available, users should regularly check for firmware updates from Victure and apply them promptly once released. Additionally, consider replacing vulnerable devices with models that do not enable TELNET by default or that enforce secure setup procedures. Educate users about the risks of default credentials and the importance of changing passwords during device setup. Employ network access controls and intrusion detection systems to identify and block unauthorized access attempts on the LAN.
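The monitoring recommendation above can be made concrete with a small detector; this is an added example, not code from Victure or from this advisory. The flow-log format, the router address, the admin allowlist and the burst thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ROUTER_IP = "192.168.1.1"        # assumed LAN address of the router
ADMIN_HOSTS = {"192.168.1.10"}   # assumed hosts allowed to manage it
BURST_COUNT = 3                  # TELNET connections from one source...
BURST_WINDOW = timedelta(seconds=60)  # ...within this window

# Constructed sample: "<ISO time> <proto> <src_ip>:<sport> -> <dst_ip>:<dport>"
SAMPLE_LOG = """\
2025-01-10T09:00:01 tcp 192.168.1.10:51000 -> 192.168.1.1:23
2025-01-10T09:00:05 tcp 192.168.1.57:40110 -> 192.168.1.1:443
2025-01-10T09:01:00 tcp 192.168.1.57:40111 -> 192.168.1.1:23
truncated record
2025-01-10T09:02:00 tcp 192.168.1.88:50001 -> 192.168.1.1:23
2025-01-10T09:02:04 tcp 192.168.1.88:50002 -> 192.168.1.1:23
2025-01-10T09:02:09 tcp 192.168.1.88:50003 -> 192.168.1.1:23
"""

def parse_line(line):
    """Return (time, proto, src_ip, dst_ip, dst_port) or None if malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[3] != "->":
        return None
    try:
        src_ip, _sport = parts[2].rsplit(":", 1)
        dst_ip, dport = parts[4].rsplit(":", 1)
        return datetime.fromisoformat(parts[0]), parts[1].lower(), src_ip, dst_ip, int(dport)
    except ValueError:
        return None

def find_telnet_alerts(log_text):
    """List (kind, src_ip, time) alerts for TCP/23 flows to the router."""
    alerts, recent = [], defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        when, proto, src_ip, dst_ip, dport = rec
        if (proto, dst_ip, dport) != ("tcp", ROUTER_IP, 23):
            continue
        if src_ip not in ADMIN_HOSTS:
            alerts.append(("unexpected-source", src_ip, when))
        # Keep only this source's connections inside the sliding window.
        recent[src_ip] = [t for t in recent[src_ip]
                          if when - t <= BURST_WINDOW] + [when]
        if len(recent[src_ip]) == BURST_COUNT:
            alerts.append(("burst", src_ip, when))
    return alerts
```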
Affected Countries
United States, China, Germany, United Kingdom, France, India, Brazil, Canada, Australia, Japan
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-11-25T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6bc4b7ef31ef0b55ac2e
Added to database: 2/25/2026, 9:38:12 PM
Last enriched: 2/26/2026, 1:50:00 AM
Last updated: 4/12/2026, 5:07:46 PM