| Название | Tenda AC20 V16.03.08.12 Hard-coded Credentials |
|---|
| Описание | A hardcoded credentials vulnerability exists in the Tenda AC20 router (firmware V16.03.08.12). The root user account in the device uses a hardcoded password, which is stored in the /etc_ro/shadow file with an MD5-crypt hash. This allows attackers to obtain the root password through password-cracking tools, thereby gaining unauthorized access to the router's system.
The vulnerability is caused by the hardcoding of the root user's password in the Tenda AC20 router firmware. During the analysis of the firmware, it was found that the /etc_ro/shadow file, which stores user account information, contains the root user's password hash. This hash can be easily cracked using password-cracking tools, revealing the plaintext password, thus enabling attackers to log in to the router's system with root privileges. |
|---|
| Источник | ⚠️ https://github.com/ZZ2266/.github.io/tree/main/AC20/hardcoded%20password/readme.md |
|---|
| Пользователь | n0ps1ed (UID 88889) |
|---|
| Представление | 12.08.2025 06:01 (10 месяцы назад) |
|---|
| Модерация | 16.08.2025 08:06 (4 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 320359 [Tenda AC20 16.03.08.12 /etc_ro/shadow слабая аутентификация] |
|---|
| Баллы | 20 |
|---|