Discoverer

Team StellarFlare (Jeongwon Seok, Yeeun Lee, Haim Lee, Munju Lim, Minu Cho, Gyeongmin Hong)

Description

TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

Overview

• Product : TEW-929DRU
• Firmware Version : 1.0.0.10
• Manufacturer's website information
  • https://www.trendnet.com/home
• Firmware download address
  • https://www.trendnet.com/support/support-detail.asp?prod=135_TEW-929DRU

Vulnerability Information

TEW-929DRU was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

after decrypt the root passwd, we got password