| タイトル | Netis WF-2404 Router Firmware Version: APR-R4A4-V1.1.124EN-Netis(WF-2404),2010.12.14 16:18. Use of Weak Hash |
|---|
| 説明 | RealTek RTL8196C chip exposes UART serial debug console on router PCB. It drops you into a root shell without prompting for any authentication. Physical access is required but soldering not required, can be performed trivially without lasting detection.
Even though there is no prompt for authentication on root account, the default password for the RealTek root password (which happens to be "realtek") is stored using DES Crypt for hashing. Cracked in 12 seconds on a personal laptop.
Full writeup demonstrating root password hash stored in /etc/passwd file:
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-cont
References:
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.des_crypt.html
|
|---|
| ソース | ⚠️ https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-cont |
|---|
| ユーザー | scoozi (UID 82836) |
|---|
| 送信 | 2025年03月15日 23:53 (1 年 ago) |
|---|
| モデレーション | 2025年03月28日 12:48 (13 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 301896 [Netis WF-2404 1.1.124EN /etc/passwd Local Privilege Escalation] |
|---|
| ポイント | 20 |
|---|