Primary

Context

Tenda AC20 Hard-Coded Credentials Vulnerability

Vulnerability

A hard-coded credentials vulnerability exists in the Tenda AC20 router running firmware version 16.03.08.12. The root user's password is hard-coded and stored in the '/etc_ro/shadow' file as an MD5-crypt hash. This vulnerability allows attackers to crack the password hash using password-cracking tools, such as John the Ripper, and gain unauthorized root access to the router. The vulnerability requires local exploitation.

Impact

Exploitation of this vulnerability allows for unauthorized access to the router's system with root privileges.

Reproduction

The vulnerability can be reproduced by extracting the router's firmware file and analyzing the '/etc_ro/shadow' file. The root password hash can be found in this file, which can then be cracked using a password-cracking tool to obtain the plaintext password.

Added: Aug 17, 2025, 3:17 AM

Updated: Aug 17, 2025, 3:17 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.6

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.6

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AC20 Hard-Coded Credentials Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating