Daniel Schwendner - Security Researcher - Exploit Intelligence Platform

CVE-2020-29669 NOMISEC HIGH WORKING POC

Macally WIFISD2-2A82 Media and Travel Router 2.000.010 - Privilege Escalation

In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password hashes of each user (including root) can be dumped. The root hash can be cracked easily which results in a complete system compromise.

2 stars

CVSS 8.8

View Code

CVE-2020-29669 INTHEWILD HIGH WORKING POC

Macally WIFISD2-2A82 Media and Travel Router 2.000.010 - Privilege Escalation

In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password hashes of each user (including root) can be dumped. The root hash can be cracked easily which results in a complete system compromise.

CVSS 8.8

View Code

EIP-2026-101840 EXPLOITDB python WORKING POC

Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation

View Code