| 标题 | Netis WF-2404 Router Firmware Version: APR-R4A4-V1.1.124EN-Netis(WF-2404),2010.12.14 16:18. Use of Weak Hash |
|---|
| 描述 | RealTek RTL8196C chip on router PCB exposes UART serial debug console. You are immediately dropped into a root shell without prompting for any authentication. Physical access is required but soldering not required, can be performed trivially without lasting detection.
Example of how this can be leveraged for an actual attack is attached in Advisory/Exploit section, but full writeups below:
References:
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-cont
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-with
Attempted to contact vendor via phone but got no response. No public email found on their website: https://www.netis-systems.com/about/contact.html |
|---|
| 来源 | ⚠️ https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-with |
|---|
| 用户 | scoozi (UID 82836) |
|---|
| 提交 | 2025-03-15 23時50分 (1 年前) |
|---|
| 管理 | 2025-03-28 12時48分 (13 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 301895 [Netis WF-2404 1.1.124EN /еtc/passwd 弱加密] |
|---|
| 积分 | 20 |
|---|