308 matches found
CVE-2024-1661
A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity ...
TOTOLINK X6000R 信任管理问题漏洞
TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X6000R suffers from a trust management issue vulnerability that stems from the presence of hard-coded credentials in the file /etc/shadow. No detailed vulnerability details are available at this time...
CVE-2024-24324
TOTOLINK A8000RU v7.1cu.643B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow...
Hardcoded credentials
TOTOLINK A8000RU v7.1cu.643B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow...
CVE-2024-24324
CVE-2024-24324 affects TOTOLINK A8000RU, firmware version 7.1cu.643_B20200521, which is reported to store a hardcoded root password in /etc/shadow. The CVE has a high impact (CVSSv3.1: 9.8, CRITICAL) with network access, no user interaction, and no privileges required, per existing metrics. Conne...
CVE-2024-24324
TOTOLINK A8000RU v7.1cu.643B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow...
Ansible Playbook Error Message File Reader
This module will read the first line of a file based on an error message from ansible-playbook with sudo privileges. ansible-playbook takes a yaml file as input, and if there is an error, such as a non-yaml file, it outputs the line where the error occurs. This can be exploited to read the first...
SUSE-SU-2023:2066-1 Security update for shadow
This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn bsc1210507...
CVE-2022-47188
There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path...
CVE-2021-37316
SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow...
CVE-2023-24149
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow...
Design/Logic Flaw
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow...
CVE-2023-24149
CVE-2023-24149 affects TOTOLINK CA300-PoE, firmware version V6.2c.884, where a hard-coded root password is stored in /etc/shadow. The exposed credential leads to total impact on confidentiality, integrity, and availability (CVSS v3.1: 9.8, NETWORK attack vector, no user interaction; privileges re...
CVE-2023-24149
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow...
CVE-2022-37841
In TOTOLINK A860R V4.1.2cu.5182B20201027 there is a hard coded password for root in /etc/shadow.sample...
CVE-2022-36611
TOTOLINK A800R V4.1.2cu.5137B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample...
CVE-2022-36612
TOTOLINK A950RG V4.1.2cu.5204B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample...
Race Condition in Grunt
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privilege...
CVE-2022-1537
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privilege...
Race condition
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privilege...