| 제목 | Netis WF-2404 Router Firmware Version: APR-R4A4-V1.1.124EN-Netis(WF-2404),2010.12.14 16:18. Use of Weak Hash |
|---|
| 설명 | RealTek RTL8196C chip exposes UART serial debug console on router PCB. It drops you into a root shell without prompting for any authentication. Physical access is required but soldering not required, can be performed trivially without lasting detection.
Even though there is no prompt for authentication on root account, the default password for the RealTek root password (which happens to be "realtek") is stored using DES Crypt for hashing. Cracked in 12 seconds on a personal laptop.
Full writeup demonstrating root password hash stored in /etc/passwd file:
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-cont
References:
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.des_crypt.html
|
|---|
| 원천 | ⚠️ https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-cont |
|---|
| 사용자 | scoozi (UID 82836) |
|---|
| 제출 | 2025. 03. 15. PM 11:53 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 03. 28. PM 12:48 (13 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 301896 [Netis WF-2404 1.1.124EN /etc/passwd Local Privilege Escalation] |
|---|
| 포인트들 | 20 |
|---|