提出 #632268: Tenda AC20 V16.03.08.12 Hard-coded Credentials
| タイトル | Tenda AC20 V16.03.08.12 Hard-coded Credentials |
|---|---|
| 説明 | A hardcoded credentials vulnerability exists in the Tenda AC20 router (firmware V16.03.08.12). The root user account in the device uses a hardcoded password, which is stored in the /etc_ro/shadow file with an MD5-crypt hash. This allows attackers to obtain the root password through password-cracking tools, thereby gaining unauthorized access to the router's system. The vulnerability is caused by the hardcoding of the root user's password in the Tenda AC20 router firmware. During the analysis of the firmware, it was found that the /etc_ro/shadow file, which stores user account information, contains the root user's password hash. This hash can be easily cracked using password-cracking tools, revealing the plaintext password, thus enabling attackers to log in to the router's system with root privileges. |
| ソース | ⚠️ https:/ |
| ユーザー | n0ps1ed (UID 88889) |
| 送信 | 2025年08月12日 06:01 (10 月 ago) |
| モデレーション | 2025年08月16日 08:06 (4 days later) |
| ステータス | 承諾済み |
| VulDBエントリ | 320359 [Tenda AC20 16.03.08.12 /etc_ro/shadow 弱い認証] |
| ポイント | 20 |