| 제목 | Netis WF-2404 Router Firmware Version: APR-R4A4-V1.1.124EN-Netis(WF-2404),2010.12.14 16:18. Use of Weak Hash |
|---|
| 설명 | RealTek RTL8196C chip on router PCB exposes UART serial debug console. You are immediately dropped into a root shell without prompting for any authentication. Physical access is required but soldering not required, can be performed trivially without lasting detection.
Example of how this can be leveraged for an actual attack is attached in Advisory/Exploit section, but full writeups below:
References:
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-cont
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-with
Attempted to contact vendor via phone but got no response. No public email found on their website: https://www.netis-systems.com/about/contact.html |
|---|
| 원천 | ⚠️ https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-with |
|---|
| 사용자 | scoozi (UID 82836) |
|---|
| 제출 | 2025. 03. 15. PM 11:50 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 03. 28. PM 12:48 (13 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 301895 [Netis WF-2404 1.1.124EN /еtc/passwd 약한 암호화] |
|---|
| 포인트들 | 20 |
|---|