CF-WR630AX_HardCode_vuln

Overview

Product: CF-WR630AX
Hardware Version: v2.7.0.2
Manufacturer's website information
- COMFAST
Firmware download website:
- CF-WR630AX-V2.7.0.2 - 路由器固件 - COMFAST

Affected version

v2.7.0.2

Vulnerability description

CF-WR630AX was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

Additional Information

###Product_version
CF-WR630AX
v2.7.0.2
###Affected_component
/etc/shadow

###Attack_vector
The root password obtained from /etc/shadow can be used for unauthorized root login.

###Discription
CF-WR630AX was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

###Refernce
<https://colorful-meadow-5b9.notion.site/CF-WR630AX_HardCode_vuln-14bc216a1c3080968161ce15e35fa652?pvs=4>
<http://www.comfast.com.cn/index.php?m=content&c=index&a=show&catid=31&id=776>

after decrypt the passwd we got Fireitup