Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root stored in the component /etc/shadow.

Description

There is a hard code password for root in /etc/shadow

image-20230112103759214

Firmware information

Affected version

Version: V6.2c.884

image-20230112103905821

Vulnerability details

image-20230113113147644

root:$1$ArDex.Yh$J4iv2K7mBpSnHewlCdkdp.:0:0:99999:7:::
daemon:*:0:0:99999:7:::
admin:$1$zGWRVM14$u/x/W8yls/LouMLrunwbL/:0:0:99999:7:::
ftp:*:0:0:99999:7:::
network:*:0:0:99999:7:::
nobody:*:0:0:99999:7:::

image-20230113124921819

after decrypt the passwd we got cs2012