| शीर्षक | E-Lins Technology E-Lins H685 Routers <=v3.2.337 Hard-coded Credentials |
|---|
| विवरण | This security flaw involves both the hard-coding of web system login credentials and the presence of a hidden OEM (Original Equipment Manufacturer) backend. The hidden backend can be accessed using a specific URL and a set of credentials that were derived from a password hash stored in the shadow file. This hidden account allows an unauthorized user to modify critical router settings, such as MAC addresses and logo images, and to gain access to features intended for regular users. Furthermore, if the default configurations remain unchanged, additional hard-coded accounts like guest may still permit access to the router's normal administrative interface. |
|---|
| स्रोत | ⚠️ https://github.com/I3eg1nner/iot-vuln/blob/main/E-lins/Hard-Coded%20Credential%20Vulnerability%20in%20E-Lins%20Routers.md |
|---|
| उपयोगकर्ता | liutong (UID 76264) |
|---|
| सबमिशन | 15/11/2024 08:09 AM (2 साल पहले) |
|---|
| संयम | 22/11/2024 06:00 PM (7 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 285916 [E-Lins H685/H685f/H700/H720/H750/H820/H820Q/H820Q0/H900 तक 3.2 OEM Backend कमजोर प्रमाणीकरण] |
|---|
| अंक | 20 |
|---|