| 标题 | Netis WF-2404 Router Firmware Version: APR-R4A4-V1.1.124EN-Netis(WF-2404),2010.12.14 16:18. Inclusion of Undocumented Features or Chicken Bits |
|---|
| 描述 | RealTek RTL8196C chip on router PCB exposes UART serial debug console that gives you a root shell without prompting for any authentication. Physical access is required but soldering not required, can be performed trivially without lasting detection.
The BusyBox shell includes unadvertised "flash" command, which allows user to read and write flash parameters in Management Information Base. This includes current and default usernames and passwords for the admin portal at 192.168.1.1, which are stored in cleartext in case an attacker simply wanted to read the password and be able to log in to the admin console and not change credentials so as to be stealthier.
Attack example in Advisory/Exploit Section, but full writeups available here:
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-cont
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-with |
|---|
| 来源 | ⚠️ https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-with |
|---|
| 用户 | scoozi (UID 82836) |
|---|
| 提交 | 2025-03-15 23時57分 (1 年前) |
|---|
| 管理 | 2025-03-28 12時48分 (13 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 301897 [Netis WF-2404 1.1.124EN BusyBox Shell 弱加密] |
|---|
| 积分 | 20 |
|---|