LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable.
Hardcoded credentials are stored in the /etc/shadow file of the device's operating system and cannot be changed in the standard way. These passwords are weak and easy to guess, meaning an attacker can gain access to the device without any prior authorization. The attack vector is network-based and requires no privileges or user interaction.
An attacker can obtain full, unauthorized access to the device, resulting in complete loss of confidentiality, integrity and availability of the system, as well as the ability to take control of network traffic.
Apply patches available from the manufacturer according to the references. It is also recommended to isolate the device from public network access and monitor unauthorized login attempts until the update is deployed.
LB-LINK BL-WR1300H Firmware version 1.0.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLb Link Bl Wr1300h
HWLb-Linkwszystkie wersjeLb Link Bl Wr1300h Firmware
OSLb-Link1.0.4
Related vulnerabilities
RCE w LB-Link BL-AC2100 przez parametry set_LimitClient_cfg
RCE w LB-Link BL-AC2100 — nieprawidłowa obsługa parametru enable
LB-LINK BL-W1210M — przechowywanie danych uwierzytelniających w postaci jawnej
LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 we...
A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of ...