H3C Magic B1STV100R012 was discovered to contain a hardcoded

Overview

Product: H3C Magic B1ST
Firmware Version: V100R012
Manufacturer's website information
- https://www.h3c.com/cn/
Firmware download website:
- https://www.h3c.com/cn/d_201609/956059_30005_0.htm

Affected version

V100R012

Vulnerability description

H3C Magic B1STV100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

Untitled

Additional Information

###Product_version
- **Product:** H3C Magic B1ST
- **Firmware Version:** V100R012

###Affected_component
/etc/shadow

###Attack_vector
The root password obtained from /etc/shadow can be used for unauthorized root login.

###Discription
H3C Magic B1STV100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

###Refernce
<https://palm-vertebra-fe9.notion.site/H3C-Magic-B1STV100R012-was-discovered-to-contain-a-hardcoded-2a648569ee7f4df8b570632d11032337?pvs=74>
<https://www.h3c.com/cn/d_201609/956059_30005_0.htm>

after decrypt the passwd we got root