CVE-2021-43284
First published: Tue Nov 30 2021(Updated: )
An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH (regardless of whether the admin password was changed on the web interface).
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Govicture WR1200 Firmware | <=1.0.3 | |
| Greenpacket WR-1200 | ||
| All of | ||
| Govicture WR1200 Firmware | <=1.0.3 | |
| Greenpacket WR-1200 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-43284.
What is the severity of CVE-2021-43284?
The severity of CVE-2021-43284 is high.
How does CVE-2021-43284 affect Victure WR1200 devices?
CVE-2021-43284 allows an attacker to gain control of Victure WR1200 devices through SSH.
What is the root SSH password in Victure WR1200 devices affected by CVE-2021-43284?
The root SSH password on Victure WR1200 devices affected by CVE-2021-43284 is never updated from its default value of 'admin'.
How can I fix the vulnerability CVE-2021-43284?
To fix the vulnerability CVE-2021-43284, it is recommended to update the firmware of Victure WR1200 devices to a version that addresses this issue.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/event
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/govicture
- canonical/govicture wr1200 firmware
- version/govicture wr1200 firmware/1.0.3
- canonical/greenpacket wr-1200