U7-Pro_HardCode_vuln

Overview

Product: U7-Pro
Hardware Version: 7.0.35
Manufacturer's website information
- UniFi - Introduction - Ubiquiti
Firmware download website:
- Software Downloads - Ubiquiti

Affected version

7.0.35

Vulnerability description

U7-Pro was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

Additional Information

###Product_version
U7-Pro
7.0.35
###Affected_component
/etc/shadow

###Attack_vector
The root password obtained from /etc/shadow can be used for unauthorized root login.

###Discription
U7-Pro was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

###Refernce
<https://colorful-meadow-5b9.notion.site/U7-Pro_HardCode_vuln-14bc216a1c30802e9c4cd03753e880cc?pvs=4>
<https://www.ui.com/download/software/u7-pro>

after decrypt the passwd we got Fireitup