| عنوان | Netis WF-2404 Router Firmware Version: APR-R4A4-V1.1.124EN-Netis(WF-2404),2010.12.14 16:18. Use of Weak Hash |
|---|
| الوصف | RealTek RTL8196C chip on router PCB exposes UART serial debug console. You are immediately dropped into a root shell without prompting for any authentication. Physical access is required but soldering not required, can be performed trivially without lasting detection.
Example of how this can be leveraged for an actual attack is attached in Advisory/Exploit section, but full writeups below:
References:
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-cont
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-with
Attempted to contact vendor via phone but got no response. No public email found on their website: https://www.netis-systems.com/about/contact.html |
|---|
| المصدر | ⚠️ https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-with |
|---|
| المستخدم | scoozi (UID 82836) |
|---|
| ارسال | 15/03/2025 11:50 PM (1 سنة منذ) |
|---|
| الاعتدال | 28/03/2025 12:48 PM (13 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 301895 [Netis WF-2404 1.1.124EN /еtc/passwd تشفير ضعيف] |
|---|
| النقاط | 20 |
|---|