TOTOLINK CA300-PoE 信任管理问题漏洞

The TOTOLINK CA300-PoE is a wireless access point from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK CA300-PoE version V6.2c.884, which originates from /etc/shadow storing the password of the root account...

Vulnerability of the fileio.c component, /etc/shadow, /etc/.shadow.swp, and the text editor Vim, allowing an attacker to access confidential data

The vulnerability of the fileio.c component, /etc/shadow, and /etc/.shadow.swp from the Vim text editor is related to the disclosure of information in the erroneous data area. Exploiting this vulnerability allows an attacker to gain access to confidential data...

CVE-2022-36159

Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface an...

MimiPenguin

This searches process memory for needles that indicate where cleartext passwords may be located. If any needles are discovered in the target process memory, collected strings in adjacent memory will be hashed and compared with password hashes found in /etc/shadow. Module Options msf use...

PT-2022-23237 · Contec · Contec Fxa3200

Name of the Vulnerable Software and Affected Versions: Contec FXA3200 versions 1.13 and under Description: The issue concerns a hard-coded hash password for the root user stored in the /etc/shadow component. This password is weak and can be cracked in a few minutes. Once the password is obtained,...

TOTOLINK A860R /etc/shadow.sample hardcoded vulnerability

TOTOLINK A860R is a dual-band wireless router with a maximum transmission rate of 1200Mbps, 6-antenna dual-band concurrent technology, and support for remote management by mobile APP, which is suitable for small and medium-sized enterprises and home network environments. The TOTOLINK A860R suffer...

TOTOLINK A860R 信任管理问题漏洞

TOTOLINK A860R is a dual-band wireless router with a maximum transmission rate of 1200Mbps, 6-antenna dual-band concurrent technology, and support for remote management by mobile APP, which is suitable for small and medium-sized enterprises and home network environments. The TOTOLINK A860R suffer...

CVE-2022-36611

TOTOLINK A800R V4.1.2cu.5137B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample...

TOTOLINK A810R 信任管理问题漏洞

The TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK A810R versions V4.1.2cu.5182B20201026 and V5.9c.4050B20190424, which originates from the inclusion of a hardcoded root password in /etc/shadow.sample...

PT-2022-23506 · Totolink · Totolink A950Rg

Name of the Vulnerable Software and Affected Versions: TOTOLINK A950RG version 4.1.2cu.5204 B20210112 Description: The issue concerns a hardcoded password for the root user located at /etc/shadow.sample. This could potentially allow unauthorized access to the system. Recommendations: For TOTOLINK...

TOTOLINK A3600R 信任管理问题漏洞

TOTOLINK A3600R is a 6 antenna 1200M wireless router from TOTOLINK China.A security vulnerability exists in TOTOLINK A3600R Firmware V4.1.2cu.5182B20201102 version, which originates from the inclusion of the root password in /etc/shadow.sample. contains the root password. An attacker could exploi...

nsufficiently Protected Credentials in ActiveMQ Artemis

A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file etc/artemis-users.properties file when executing the resetUsers operation. A local attacker can use this flaw to read the...

CVE-2022-29588

Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files...

CVE-2022-29588

Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files...

CVE-2022-1537

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privilege...

UBUNTU-CVE-2022-1537

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privilege...

kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write. This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation...

PT-2022-13939 · Gruntjs +3 · Gruntjs +3

Name of the Vulnerable Software and Affected Versions: GruntJS versions prior to 1.5.3 Description: The issue concerns a TOCTOU Time-of-Check-to-Time-of-Use race condition in file.copy operations. This can lead to arbitrary file writes, potentially resulting in local privilege escalation if a...

CVE-2021-46381

Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading /etc/passwd and /etc/shadow...

D-Link DAP-1620 路径遍历漏洞

A path traversal vulnerability exists in the D-Link DAP-1620, a wireless repeater extender from D-Link, Taiwan, China, which results from a path traversal in the D-Link DAP-1620 that causes local file inclusion to lead to unauthorized internal file reads of /etc/passwd and / etc/shadow. No detail...