CVE-2025-28202

8.8 HIGH

📋 TL;DR

This vulnerability allows attackers to enable SSH and Telnet services on Victure RX1800 routers without authentication. Attackers can gain administrative access to the router, potentially compromising the entire network. All users of Victure RX1800 EN_V1.0.0_r12_110933 are affected.

💻 Affected Systems

Products:
  • Victure RX1800
Versions: EN_V1.0.0_r12_110933
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific firmware version mentioned; other versions may also be vulnerable but unconfirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete network compromise - attackers gain full router control, intercept all traffic, deploy malware to connected devices, and pivot to internal systems.

🟠 Likely Case

Router takeover leading to DNS hijacking, credential theft, and network surveillance of all connected devices.

🟢 If Mitigated

Limited to router configuration changes if network segmentation isolates the router from critical systems.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to attackers.
🏢 Internal Only: MEDIUM - If router management interface is only accessible internally, risk is reduced but still significant.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires no authentication and has a public proof-of-concept available, making exploitation trivial.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Victure website for firmware updates.
2. Download latest firmware.
3. Access router admin panel.
4. Navigate to firmware update section.
5. Upload and apply new firmware.
6. Reboot router.

🔧 Temporary Workarounds

Disable remote management (all)

Disable SSH and Telnet services and ensure the router admin interface is not accessible from the WAN.

Network segmentation (all)

Isolate the router management interface to a dedicated VLAN with strict access controls.

🧯 If You Can't Patch

  • Replace affected router with a different model that receives security updates
  • Implement strict firewall rules blocking all inbound access to router management ports (22, 23, 80, 443)

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin panel. If version is EN_V1.0.0_r12_110933, you are vulnerable.

Check Version:

Login to router admin panel and check System Information or Firmware Version section

Verify Fix Applied:

Verify firmware version has changed from vulnerable version and test that SSH/Telnet cannot be enabled without authentication.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected SSH/Telnet service activation
  • Failed authentication attempts to router admin
  • Configuration changes without authorized user

Network Indicators:

  • Unexpected SSH/Telnet traffic to router
  • Port scans targeting router management ports
  • Anomalous outbound connections from router

SIEM Query:

source="router_logs" AND (event="ssh_enabled" OR event="telnet_enabled" OR auth_failure_count>5)
