changed 3 years ago

Published Linked with GitHub

CVE-2021-46008

Telnet Hard-code Password in Totolink A3100R V5.9c.4577

by KVS

Description
The hard-code telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet function is turned on.
Affected version
Totolink A3100R V5.9c.4577
Root Cause Analysis
There are two ways can leak the password from the firmware.
1. Find the file "squashfs/web_cste/cgi-bin/product.ini", and the telnet password is represented in plaintext.
2. Find the file "squashfs/etc/shadow.sample", there is a user root with a md5 hashed password. Using John the Ripper with rockyou.txt can easily crack the hashed password.
Proof-of-Concept

Method 1

Image Not Showing Possible Reasons

The image file may be corrupted
The server hosting the image is unavailable
The image path is incorrect
The image format is not supported

Method 2

Image Not Showing Possible Reasons

The image file may be corrupted
The server hosting the image is unavailable
The image path is incorrect
The image format is not supported

Image Not Showing Possible Reasons

The image file may be corrupted
The server hosting the image is unavailable
The image path is incorrect
The image format is not supported

Cheatsheet

Syntax	Example	Reference
# Header	Header	基本排版
- Unordered List	Unordered List
1. Ordered List	Ordered List
- [ ] Todo List	Todo List
> Blockquote	Blockquote
Bold font	Bold font
Italics font	Italics font
~~Strikethrough~~	~~Strikethrough~~
19^th^	19^th
H~2~O	H₂O
++Inserted text++	Inserted text
==Marked text==	Marked text
[link text](https:// "title")	Link
![image alt](https:// "title")	Image
`Code`	`Code`	在筆記中貼入程式碼
```javascript var i = 0; ```	`var i = 0;`	在筆記中貼入程式碼
:smile:		Emoji list
{%youtube youtube_id %}	Externals
$L^aT_eX$	L^aT_eX
:::info This is a alert area. :::	This is a alert area.

Select a repo