| عنوان | Netis WF-2404 Router Firmware Version: APR-R4A4-V1.1.124EN-Netis(WF-2404),2010.12.14 16:18. Use of Weak Hash |
|---|
| الوصف | RealTek RTL8196C chip exposes UART serial debug console on router PCB. It drops you into a root shell without prompting for any authentication. Physical access is required but soldering not required, can be performed trivially without lasting detection.
Even though there is no prompt for authentication on root account, the default password for the RealTek root password (which happens to be "realtek") is stored using DES Crypt for hashing. Cracked in 12 seconds on a personal laptop.
Full writeup demonstrating root password hash stored in /etc/passwd file:
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-cont
References:
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.des_crypt.html
|
|---|
| المصدر | ⚠️ https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-cont |
|---|
| المستخدم | scoozi (UID 82836) |
|---|
| ارسال | 15/03/2025 11:53 PM (1 سنة منذ) |
|---|
| الاعتدال | 28/03/2025 12:48 PM (13 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 301896 [Netis WF-2404 1.1.124EN /etc/passwd Local Privilege Escalation] |
|---|
| النقاط | 20 |
|---|