Vendor Of The Product: Phicomm K2G
Affected Products and Firmware version: Phicomm K2G v22.6.3.20
Vulnerability: Sensitive Information Disclosure Vulnerability
Vulnerability description: In the device program code of Phicomm Intelligent Router K2G (Firmware Version v22.6.3.20), the root password is not encrypted and stored in the shadow file, and the hash value of the root password can be directly obtained, and the root plaintext password can be directly obtained after collision. At the same time, the admin account password in the web background is stored in clear text in the system file, and the admin password can be directly obtained.
After analyzing the unpacked files of the binwalk, it is found that there are etc/shadow
root:$1$uLTx5N3s$2I0B6vbPf.gvEUK/Oro2f1:0:0:99999:7:::
Crack the root password is: 333620
The weblogin account password is stored in the system file in clear text, and the web account
password can be directly obtained. Base64 Decode to Get plaintext Password: Aa123456