Tenda F1202 Hard-Coded Credentials Vulnerability

A hard-coded credentials vulnerability exists in the Tenda F1202 router, specifically in versions 1.2.0.9, 1.2.0.14, and 1.2.0.20. The vulnerability allows unauthorized access to the device's administrative interface or other network-accessible services. The root password, 'Fireitup', is hard-coded and stored in the '/etc_ro/shadow' file, hashed with MD5-crypt. This hash can be easily cracked using tools like John the Ripper, enabling attackers to gain root privileges on the device.

Impact

Exploitation of this vulnerability allows attackers to log in as the root user, accessing all administrative functions and potentially leading to unauthorized modifications of the device's configuration or execution of arbitrary code.

Reproduction

To reproduce this vulnerability, first extract the firmware image from the Tenda F1202 router. After extracting the image, locate the '/etc_ro/shadow' file in the squashfs-root directory. The root password hash can be found here, which can then be cracked using a password-cracking tool such as John the Ripper. Once the password is obtained, it can be used to log into the device's administrative interface or other network services as the root user.