CVE-2024-48192

Name of the Vulnerable Software and Affected Versions Tenda G3 version 15.01.0.5(2848 755) EN

Description A hardcoded password vulnerability was discovered in the /etc ro/shadow file, which allows attackers to log in as root. This issue exists in the Tenda G3 firmware, specifically affecting the ability to access the system with elevated privileges.

Recommendations For Tenda G3 version 15.01.0.5(2848 755) EN, consider changing the hardcoded password in the /etc ro/shadow file to a unique and secure password to prevent unauthorized access. Additionally, restrict access to the /etc ro/shadow file to minimize the risk of exploitation. As a temporary workaround, limit root login capabilities until a patch or official fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.