| Titel | TOTOLINK Wi-Fi 6 Router X2000R-Gh-V2.0.0 Insecure Storage of Sensitive Information |
|---|
| Beschreibung | An insecure password vulnerability was identified in TOTOLINK Wi-Fi 6 Router series devices running firmware version X2000R-Gh-V2.0.0. The root user account uses a weak password (cracked as "123456" using the John tool). This password is stored in the world-readable file /etc/shadow.sample using MD5-crypt hashing, which can be easily decrypted by tools like John and exploited. For example, it allows unauthorized root access to the device through network-accessible services or the administrative interface. |
|---|
| Quelle | ⚠️ https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md |
|---|
| Benutzer | lxyilu (UID 88936) |
|---|
| Einreichung | 16.08.2025 12:31 (vor 10 Monaten) |
|---|
| Moderieren | 28.08.2025 13:12 (12 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 321691 [TOTOLINK X2000R bis 2.0.0 Administrative Interface /etc/shadow.sample Information Disclosure] |
|---|
| Punkte | 20 |
|---|