U6-LR_HardCode_vuln

Overview

Product: U6-LR
Hardware Version: 6.6.65
Manufacturer's website information
- UniFi - Introduction - Ubiquiti
Firmware download website:
- Software Downloads - Ubiquiti

Affected version

6.6.65

Vulnerability description

U6-LR was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

Additional Information

###Product_version
U6-LR
6.6.65
###Affected_component
/etc/shadow

###Attack_vector
The root password obtained from /etc/shadow can be used for unauthorized root login.

###Discription
U6-LR was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

###Refernce
<https://colorful-meadow-5b9.notion.site/U6-LR_HardCode_vuln-14bc216a1c30806487ebdda3bb984e91?pvs=4>
<https://www.ui.com/download/software/u6-lr>

after decrypt the passwd we got Fireitup