CVE Catalog

CVE-2025-28200

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.57%

43th percentile - higher than 43% of all known CVEs

Summary

The Victure RX1800 device (firmware version EN_V1.0.0_r12_110933) uses a default password consisting of the last 8 digits of the MAC address. This makes the password easily guessable by anyone who knows the device's MAC address.

Risk Assessment

An attacker who knows or can discover the device's MAC address (e.g., via network scanning) can easily access the administrative panel and take control of the router, potentially compromising network security.

Recommendation

It is recommended to immediately change the default password to a strong, unique password. Also check if the manufacturer provides a firmware update that fixes this vulnerability.

Original NVD description (English source)

Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS