Security readout for executives and security teams
Plain-English summary
This CVE describes a critical weakness in Victure RX1800 firmware EN_V1.0.0_r12_110933: the default password is predictable because it uses the last 8 digits of the device MAC address. If unchanged, an attacker who can reach the device login may gain administrative access.
Executive priority
Treat this as urgent for any environment using the named router firmware. The business risk is device takeover, network interception, configuration changes, and outage if default credentials remain active.
Technical view
CVE-2025-28200 is mapped to CWE-521 and has CVSS 3.1 score 9.8, network attack vector, low complexity, no privileges, and high confidentiality, integrity, and availability impact. The provided affected metadata is incomplete, but the description names Victure RX1800 EN_V1.0.0_r12_110933.
Likely exposure
Highest exposure is Victure RX1800 devices running the named firmware with unchanged default credentials, especially where management interfaces are reachable from untrusted networks. Exposure cannot be fully scoped from the provided affected metadata because vendor, product, versions, and CPE fields are listed as n/a.
Exploitation context
The CVE is not marked as CISA KEV in the supplied bundle, and no cited source states active exploitation. A public research write-up exists, and the weakness is inherently easy to abuse when the default password remains in place and the device is reachable.
Researcher notes
The source bundle gives strong severity scoring but limited product metadata. Avoid broad claims beyond Victure RX1800 EN_V1.0.0_r12_110933. No exploit-in-the-wild evidence is provided; validation should focus on inventory, credential state, firmware version, and management-plane exposure.
Mitigation direction
Change default administrator passwords on all RX1800 devices immediately.
Restrict router management access to trusted local networks or VPN only.
Inventory RX1800 devices and record firmware version EN_V1.0.0_r12_110933 exposure.
Check Victure or distributor guidance for firmware updates or official remediation.
Replace or isolate devices if no vendor fix is available.
Validation and detection
Identify any Victure RX1800 devices in managed environments.
Confirm whether firmware EN_V1.0.0_r12_110933 is installed.
Verify administrator passwords are unique and not MAC-derived defaults.
Check whether management interfaces are reachable from untrusted networks.
Review authentication logs for unexpected administrative access attempts.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-521: Credential and account abuse lookup
Authentication and credential weaknesses can make valid-account abuse and credential telemetry useful review starting points. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references authentication or credential exposure, so valid-account and credential-access review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
1CVSS vectors
3Timeline events
1ADP providers
2Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: pocAutomatable: yesTechnical Impact: total
CVSS vector scores
1 official score
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-521 · source CWE mapping
Weak Password Requirements
Weak Password Requirements represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.