| Titel | Tenda AP W12 V1/V2/V3 Hard-coded Credentials |
|---|
| Beschreibung | A hard-coded credentials vulnerability was identified in the Tenda AP W12 device running firmware version V1/V2/V3. The root user account uses a hard-coded password (cracked as "Fireitup" using the John tool). This password is stored in the file /etc_ro/shadow using MD5-crypt hashing, which can be easily decrypted by tools like John and exploited. For instance, it allows unauthorized root access to the device through network-accessible services or the administrative interface. |
|---|
| Quelle | ⚠️ https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md |
|---|
| Benutzer | Yu Bao (UID 88956) |
|---|
| Einreichung | 25.08.2025 03:46 (vor 10 Monaten) |
|---|
| Moderieren | 01.09.2025 07:04 (7 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 322080 [Tenda W12 bis 3.0.0.6(3948) Administrative Interface /etc_ro/shadow schwache Authentisierung] |
|---|
| Punkte | 20 |
|---|