PT-2024-35441 · Tenda · Tenda W9
Published
2024-11-19
·
Updated
2024-11-22
·
CVE-2024-52788
CVSS v3.1
8.0
High
| Vector | AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tenda W9 version 1.0.0.7(4456)
Description
The issue is related to a hardcoded password in the /etc ro/shadow file, which allows attackers to log in as root.
Recommendations
For Tenda W9 version 1.0.0.7(4456), consider changing the hardcoded password in the /etc ro/shadow file to a unique and secure password to prevent unauthorized root access. As a temporary workaround, restrict access to the device to minimize the risk of exploitation.
Exploit
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tenda W9