제출 #632268: Tenda AC20 V16.03.08.12 Hard-coded Credentials
| 제목 | Tenda AC20 V16.03.08.12 Hard-coded Credentials |
|---|---|
| 설명 | A hardcoded credentials vulnerability exists in the Tenda AC20 router (firmware V16.03.08.12). The root user account in the device uses a hardcoded password, which is stored in the /etc_ro/shadow file with an MD5-crypt hash. This allows attackers to obtain the root password through password-cracking tools, thereby gaining unauthorized access to the router's system. The vulnerability is caused by the hardcoding of the root user's password in the Tenda AC20 router firmware. During the analysis of the firmware, it was found that the /etc_ro/shadow file, which stores user account information, contains the root user's password hash. This hash can be easily cracked using password-cracking tools, revealing the plaintext password, thus enabling attackers to log in to the router's system with root privileges. |
| 원천 | ⚠️ https:/ |
| 사용자 | n0ps1ed (UID 88889) |
| 제출 | 2025. 08. 12. AM 06:01 (10 개월 ago) |
| 모더레이션 | 2025. 08. 16. AM 08:06 (4 days later) |
| 상태 | 수락 |
| VulDB 항목 | 320359 [Tenda AC20 16.03.08.12 /etc_ro/shadow 약한 인증] |
| 포인트들 | 20 |