Cudy WR1200EA Router Password Vulnerability in Shadow File
Vulnerability
A vulnerability exists in the Cudy WR1200EA router running firmware version 2.3.7-20250113-121810. The issue arises from the root user's password being stored in the shadow file with an MD5-crypt hash, allowing the default password to be decrypted. This vulnerability requires local access to exploit, and while the complexity is high, the exploit has been publicly disclosed and could be used.
Impact
Exploitation of this vulnerability allows unauthorized access to the router's administrative interface, using the default root password. This access could lead to full control over the router, including the ability to modify settings, access sensitive information, and potentially execute arbitrary code.
Reproduction
The vulnerability can be reproduced by extracting the router's firmware image, locating the shadow file in the extracted files, and cracking the MD5-crypt hash of the root user's password using a tool like John the Ripper. Alternatively, the default credentials can be used to log into the router's web interface or other network services.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.