Sensitive Information Disclosure Vulnerability Description

Vendor Of The Product: Phicomm K2

Affected Products and Firmware version: Phicomm K2 v22.6.534.263

Vulnerability: Sensitive Information Disclosure Vulnerability

Vulnerability description: In the device program code of Phicomm Intelligent Router K2 (Firmware Version 22.6.534.263), the root password is not encrypted and stored in the shadow file, and the hash value of the root password can be directly obtained, and the root plaintext password can be directly obtained after collision. At the same time, the admin account password in the web background is stored in clear text in the system file, and the admin password can be directly obtained.

Vulnerability Analysis

After analyzing the unpacked files of the binwalk, it is found that there are etc/shadow files:

Untitled

root:$1$pkH4fUTV$sZAVgjumfYPkhrzferRSC.:0:0:99999:7:::

Untitled

The root password obtained by cracking is: 239466 The weblogin account password is stored in the system file in clear text, and the web account password can be directly obtained.

Untitled

Base64 decoding obtains plaintext password: 8uhb * UHB

Untitled