Overview

• Manufacturer’s website information：https://www.totolink.net/
• Firmware download address ：https://totolink.com.my/products/t10/

Affected version

T10 V2_Firmware V2_V4.1.8cu.5207

Vulnerability details

In the T10 V2_Firmware V2_V4.1.8cu.5207 firmware has hard code password for root in /etc/shadow.sample

POC