Tenda i29v1.0 was discovered to contain a hardcoded

Overview

Product: Tenda i29v1.0
Hardware Version: V1.0
Software Version: V1.0.0.5
Manufacturer's website information
- https://www.tendacn.com/
Firmware download website:
- https://www.tendacn.com/hk/download/detail-4916.html
- https://www.tendacn.com/us/download/detail-4916.html

Affected version

V1.0.0.5

Vulnerability description

Tenda i29v1.0 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

Untitled

Additional Information

###Product_version
Tenda i29v1.0
V1.0.0.5

###Affected_component
/etc/shadow

###Attack_vector
The root password obtained from /etc/shadow can be used for unauthorized root login.

###Discription
Tenda i29V1.0 Firmware V1.0.0.5 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root

###Refernce
<https://palm-vertebra-fe9.notion.site/hardcode_i29-e1ed38dde00145d9a6be1ad2b4581259>
<https://www.tendacn.com/hk/download/detail-4916.html>

Untitled

after decrypt the passwd we got Fireitup

Untitled