| Название | TOTOLINK Wi-Fi 6 Router X2000R-Gh-V2.0.0 Insecure Storage of Sensitive Information |
|---|
| Описание | An insecure password vulnerability was identified in TOTOLINK Wi-Fi 6 Router series devices running firmware version X2000R-Gh-V2.0.0. The root user account uses a weak password (cracked as "123456" using the John tool). This password is stored in the world-readable file /etc/shadow.sample using MD5-crypt hashing, which can be easily decrypted by tools like John and exploited. For example, it allows unauthorized root access to the device through network-accessible services or the administrative interface. |
|---|
| Источник | ⚠️ https://github.com/XXRicardo/iot-cve/blob/main/TOLOLINK/X2000R-Gh-V2.0.0.md |
|---|
| Пользователь | lxyilu (UID 88936) |
|---|
| Представление | 16.08.2025 12:31 (10 месяцы назад) |
|---|
| Модерация | 28.08.2025 13:12 (12 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 321691 [TOTOLINK X2000R до 2.0.0 Administrative Interface /etc/shadow.sample раскрытие информации] |
|---|
| Баллы | 20 |
|---|