| Title | TOTOLINK Wi-Fi 6 Router X2000R-Gh-V2.0.0 Insecure Storage of Sensitive Information |
|---|---|
| Description | An insecure password vulnerability was identified in TOTOLINK Wi-Fi 6 Router series devices running firmware version X2000R-Gh-V2.0.0. The root user account uses a weak password (cracked as "123456" using the John tool). This password is stored in the world-readable file /etc/shadow.sample using MD5-crypt hashing, which can be easily decrypted by tools like John and exploited. For example, it allows unauthorized root access to the device through network-accessible services or the administrative interface. |
| Source | https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md |
| User | lxyilu (UID 88936) |
| Submission | 2025. 08. 16. 12:31 PM (10 months ago) |
| Moderation | 2025. 08. 28. 01:12 PM (12 days later) |
| Status | Accepted |
| VulDB Entry | 321691 [TOTOLINK X2000R up to 2.0.0 Administrative Interface /etc/shadow.sample information disclosure] |
| Points | 20 |