W9_HardCode_vuln

Overview

Product: Tenda W9 V1.0.0.7(4456)
Hardware Version: V1.0.0.7(4456)
Manufacturer's website information
- https://www.tendacn.com/
Firmware download website:
- https://www.tendacn.com/hk/download/detail-3201.html

Affected version

V1.0.0.7(4456)

Vulnerability description

Tenda W9 V1.0.0.7(4456) was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.

Additional Information

###Product_version
W9 
**V1.0.0.7(4456)**

###Affected_component
/etc_ro/shadow

###Attack_vector
The root password obtained from /etc_ro/shadow can be used for unauthorized root login.

###Discription
Tenda W9 **V1.0.0.7(4456)** was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.

###Refernce
<https://colorful-meadow-5b9.notion.site/W9_HardCode_vuln-13dc216a1c30800fb31bdcdca7345ec3>
[<https://www.tendacn.com/hk/download/detail-3201.html>](<https://www.tendacn.com/hk/download/detail-3479.html>)

after decrypt the passwd we got Fireitup