Vendor Of The Product: Phicomm K2
Affected Products and Firmware version: Phicomm K2 v22.6.534.263
Vulnerability: Sensitive Information Disclosure Vulnerability
Vulnerability description: In the device program code of Phicomm Intelligent Router K2 (Firmware Version 22.6.534.263), the root password is not encrypted and stored in the shadow file, and the hash value of the root password can be directly obtained, and the root plaintext password can be directly obtained after collision. At the same time, the admin account password in the web background is stored in clear text in the system file, and the admin password can be directly obtained.
After analyzing the unpacked files of the binwalk, it is found that there are etc/shadow files:
root:$1$pkH4fUTV$sZAVgjumfYPkhrzferRSC.:0:0:99999:7:::
The root password obtained by cracking is: 239466 The weblogin account password is stored in the system file in clear text, and the web account password can be directly obtained.
Base64 decoding obtains plaintext password: 8uhb * UHB