CVE-2021-43282

Name: CVE-2021-43282
Creator: NVD / NIST
Published: 2021-11-30T19:15:09.327+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.5/10EPSS 0.66%

Last modified Jun 17, 2026

CVE-2021-43282 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. An issue was discovered on Victure WR1200 devices through 1.0.3. The default Wi-Fi WPA2 key is advertised to anyone within Wi-Fi range through the router's MAC address. EPSS estimates a 0.66% chance of exploitation in the next 30 days.

Description

An issue was discovered on Victure WR1200 devices through 1.0.3. The default Wi-Fi WPA2 key is advertised to anyone within Wi-Fi range through the router's MAC address. The device default Wi-Fi password corresponds to the last 4 bytes of the MAC address of its 2.4 GHz network interface controller (NIC). An attacker within scanning range of the Wi-Fi network can thus scan for Wi-Fi networks to obtain the default key.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.66%

47.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-798

Affected Software

Vendor	Product	Versions
Govicture	Wr1200 Firmware	<= 1.0.3

References

https://research.nccgroup.com/2021/11/12/technical-advisory-multiple-vulnerabilities-in-victure-wr1200-wifi-router-cve-2021-43282-cve-2021-43283-cve-2021-43284/Exploit, Third Party Advisory
https://www.nccgroup.trust/us/our-research/?research=Technical+advisoriesExploit, Third Party Advisory
https://research.nccgroup.com/2021/11/12/technical-advisory-multiple-vulnerabilities-in-victure-wr1200-wifi-router-cve-2021-43282-cve-2021-43283-cve-2021-43284/Exploit, Third Party Advisory
https://www.nccgroup.trust/us/our-research/?research=Technical+advisoriesExploit, Third Party Advisory

Timeline

Published: Nov 30, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-43282?

How severe is CVE-2021-43282?

CVE-2021-43282 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.66% probability of exploitation in the next 30 days.

How do I fix CVE-2021-43282?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-43282?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST