CVE-2020-29669

moderate-risk
Published 2020-12-14

In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password hashes of each user (including root) can be dumped. The root hash can be cracked easily which results in a complete system compromise.

Do I need to act?

!
10.6% chance of exploitation in next 30 days
EPSS score — higher than 89% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Macally

References (6)

Exploit http://packetstormsecurity.com/files/160478/Macally-WIFISD2-2A82-2.000.010-Privi...
Exploit https://drive.google.com/file/d/1PpiRhhfph8U_0KAoIp0AnwY3mVtp-R-g/view
Exploit https://github.com/S1lkys/CVE-2020-29669
Exploit http://packetstormsecurity.com/files/160478/Macally-WIFISD2-2A82-2.000.010-Privi...
Exploit https://drive.google.com/file/d/1PpiRhhfph8U_0KAoIp0AnwY3mVtp-R-g/view
Exploit https://github.com/S1lkys/CVE-2020-29669
46
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 11/34 · Low
Exposure 5/34 · Minimal