| タイトル | Netis WF-2404 Router Firmware Version: APR-R4A4-V1.1.124EN-Netis(WF-2404),2010.12.14 16:18. Use of Weak Hash |
|---|
| 説明 | RealTek RTL8196C chip on router PCB exposes UART serial debug console. You are immediately dropped into a root shell without prompting for any authentication. Physical access is required but soldering not required, can be performed trivially without lasting detection.
Example of how this can be leveraged for an actual attack is attached in Advisory/Exploit section, but full writeups below:
References:
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-cont
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-with
Attempted to contact vendor via phone but got no response. No public email found on their website: https://www.netis-systems.com/about/contact.html |
|---|
| ソース | ⚠️ https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-with |
|---|
| ユーザー | scoozi (UID 82836) |
|---|
| 送信 | 2025年03月15日 23:50 (1 年 ago) |
|---|
| モデレーション | 2025年03月28日 12:48 (13 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 301895 [Netis WF-2404 1.1.124EN /еtc/passwd 弱い暗号化] |
|---|
| ポイント | 20 |
|---|