| Title | Tenda AC20 V16.03.08.12 Hard-coded Credentials |
|---|---|
| Description | A hardcoded credentials vulnerability exists in the Tenda AC20 router (firmware V16.03.08.12). The root user account in the device uses a hardcoded password, which is stored in the /etc_ro/shadow file with an MD5-crypt hash. This allows attackers to obtain the root password through password-cracking tools, thereby gaining unauthorized access to the router's system. The vulnerability is caused by the hardcoding of the root user's password in the Tenda AC20 router firmware. During the analysis of the firmware, it was found that the /etc_ro/shadow file, which stores user account information, contains the root user's password hash. This hash can be easily cracked using password-cracking tools, revealing the plaintext password, thus enabling attackers to log in to the router's system with root privileges. |
| Source | ⚠️ https://github.com/ZZ2266/.github.io/tree/main/AC20/hardcoded%20password/readme.md |
| User | n0ps1ed (UID 88889) |
| Submission | 12/08/2025 06:01 AM (10 months ago) |
| Moderation | 16/08/2025 08:06 AM (4 days later) |
| Status | Accepted |
| VulDB Entry | 320359 [Tenda AC20 16.03.08.12 /etc_ro/shadow weak authentication] |
| Points | 20 |
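
A firmware-review check for the condition described above, as an added example that is not part of the original submission: it reads a shadow file taken from an unpacked image and reports every account that can still log in with a password, along with the hash scheme. The function names and the sample file are assumptions made for illustration; the hash strings are constructed placeholders, not values from the device.

```python
"""Audit a shadow file from an unpacked firmware image (added example)."""

# crypt(3) "$id$" prefixes -> (scheme name, weak for stored passwords)
SCHEMES = {
    "1": ("md5-crypt", True),
    "2a": ("bcrypt", False), "2b": ("bcrypt", False), "2y": ("bcrypt", False),
    "5": ("sha256-crypt", False),
    "6": ("sha512-crypt", False),
    "y": ("yescrypt", False),
}

def classify_hash(field):
    """Return (scheme, weak) for a password field, or None if it is locked."""
    if field == "":
        return ("empty-password", True)   # no password required at all
    if field[0] in "!*":
        return None                       # locked: password login disabled
    if field.startswith("$"):
        ident = field.split("$")[1]
        return SCHEMES.get(ident, ("unknown:" + ident, True))
    return ("des-crypt", True)            # legacy format without a $id$ prefix

def audit_shadow(text):
    """List accounts whose password login is enabled in the image."""
    findings = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        result = classify_hash(fields[1])
        if result is not None:
            scheme, weak = result
            findings.append({"user": fields[0], "scheme": scheme, "weak": weak})
    return findings

# Constructed sample input; the hashes are placeholders, not real values.
SAMPLE_SHADOW = """\
root:$1$CONSTRUC$AAAAAAAAAAAAAAAAAAAAAA:0:0:99999:7:::
admin:$6$CONSTRUCTEDSALT$BBBBBBBBBBBBBBBBBBBBBBBB:0:0:99999:7:::
nobody:*:0:0:99999:7:::
support::0:0:99999:7:::
"""

if __name__ == "__main__":
    for f in audit_shadow(SAMPLE_SHADOW):
        note = "weak scheme" if f["weak"] else "scheme ok"
        print(f"{f['user']}: {f['scheme']} ({note}), same credential on every unit")
```

Any entry this reports is identical on every device flashed with the image, so a strong hash scheme alone does not clear the finding; the remediation is a locked entry plus a per-device credential set at provisioning.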