| Titel | Netis WF-2404 Router Firmware Version: APR-R4A4-V1.1.124EN-Netis(WF-2404),2010.12.14 16:18. Use of Weak Hash |
|---|
| Beschreibung | RealTek RTL8196C chip on router PCB exposes UART serial debug console. You are immediately dropped into a root shell without prompting for any authentication. Physical access is required but soldering not required, can be performed trivially without lasting detection.
Example of how this can be leveraged for an actual attack is attached in Advisory/Exploit section, but full writeups below:
References:
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-cont
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-with
Attempted to contact vendor via phone but got no response. No public email found on their website: https://www.netis-systems.com/about/contact.html |
|---|
| Quelle | ⚠️ https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-with |
|---|
| Benutzer | scoozi (UID 82836) |
|---|
| Einreichung | 15.03.2025 23:50 (vor 1 Jahr) |
|---|
| Moderieren | 28.03.2025 12:48 (13 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 301895 [Netis WF-2404 1.1.124EN /еtc/passwd schwache Verschlüsselung] |
|---|
| Punkte | 20 |
|---|