Netis AC1200 Router Hard-Coded Root Credential Vulnerability

Vulnerability

A hard-coded root password vulnerability has been identified in the Netis AC1200 Router NC21, firmware version V4.0.1.4296. The root password is set to 'root' and is stored in '/etc/shadow.sample'. Local attackers with access to the device can authenticate as root and gain full control over the operating system.
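
A defender's check for the condition described above, as an added example that is not part of the original advisory or the vendor's code: it walks an extracted firmware root filesystem and reports every shadow-style file (including 'shadow.sample') that ships an account with a usable password. The function names, the directory layout and the hash value are constructed for illustration.

```python
import os
import tempfile

# Hash-scheme prefixes used in crypt(3)-style shadow entries.
SCHEMES = {"$1$": "md5-crypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt",
           "$2a$": "bcrypt", "$2b$": "bcrypt", "$y$": "yescrypt"}

def classify(field):
    """Classify the password field (second column) of one shadow entry."""
    if field == "":
        return "empty"                      # account logs in with no password
    if field[0] in "*!":
        return "locked"                     # no usable password
    for prefix, name in SCHEMES.items():
        if field.startswith(prefix):
            return name
    return "des-crypt" if len(field) == 13 else "unknown"

def audit_rootfs(rootfs):
    """Return (path, user, scheme) for each entry in a shadow-like file
    that carries a usable password inside the extracted firmware tree."""
    findings = []
    for dirpath, _dirs, files in os.walk(rootfs):
        for name in files:
            if not name.startswith("shadow"):
                continue                    # shadow, shadow.sample, shadow-
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for line in fh:
                    parts = line.rstrip("\n").split(":")
                    if len(parts) < 2 or line.startswith("#"):
                        continue
                    state = classify(parts[1])
                    if state != "locked":
                        findings.append((os.path.relpath(path, rootfs), parts[0], state))
    return sorted(findings)

def demo():
    """Build a constructed rootfs and audit it; the hash is a placeholder."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "etc", "shadow.sample"), "w") as fh:
            fh.write("root:$1$CONSTRUCTED$placeholderhashvalue00:0:0:99999:7:::\n"
                     "daemon:*:0:0:99999:7:::\n"
                     "nobody:!:0:0:99999:7:::\n")
        return audit_rootfs(root)

if __name__ == "__main__":
    for path, user, scheme in demo():
        print(f"{path}: {user} has a baked-in {scheme} password")
```

Any finding for a login-capable account in a release image means the credential is identical on every unit running that firmware, so it belongs in the build pipeline as a failing check.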

Impact

Exploitation of this vulnerability allows for unauthorized root access, enabling full control of the device's operating system.

Reproduction

To reproduce this vulnerability, access the router via SSH using the root username and the default password 'root'. The SSH connection must be established with specific options to negotiate the key exchange algorithm, host key algorithm, accepted public key algorithm, cipher, and compression settings.

Added: May 28, 2026, 2:45 AM
Updated: May 28, 2026, 2:45 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.0
remediation: 0.0
relevance: 9.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.