The following key information about the vulnerability can be extracted from this web page screenshot:

1. Vulnerability title: Hard-Coded Credential Vulnerability in E-Lins Routers

2. Affected versions:
- H685 Router < v3.2.337
- H685f Router < v3.2.248
- H820 Router < v3.3.69
- H820Q Router < v3.2.272
- H820Q0 Router < v3.2.259
- H900 Router < 3.2.241
- H700 Router < 3.2.243
- H720 Router < 3.2.239
- H750 Router < 3.2.241

3. Vulnerability description:
- Multiple router models from E-Lins Technology Co., Ltd., including H685, H685f, H820, H820Q, H820Q0, H900, H700, H720, and H750, are affected by a hard-coded credential vulnerability.
- The hidden backend can be accessed using a specific URL and a set of credentials (oemadmin:crpwd) that were derived from a password hash stored in the shadow file.
- The hidden account allows an unauthorized user to modify critical router settings, such as MAC addresses and logo images, and to gain access to features intended for regular users.
- If the default configuration remains unchanged, additional hard-coded accounts such as guest:guest may still permit access to the router's normal administrative interface.

4. Exploitation:
- The hidden OEM backend account can be accessed via the path /admin/oem/oem.
- The username and password for this account are stored in the shadow file.
- The password hash for oemadmin was extracted and cracked using John the Ripper, revealing the password crpwd.
- With the password crpwd, one can log into the hidden backend at the URL /cgi-bin/luci/admin/oem.
- Access to the hidden backend allows modification of MAC addresses, logo images, and features available to regular users.
- The oemadmin account can also log into the standard web interface.
- Additionally, if the default configuration has not been changed, other accounts from the shadow file, such as guest:guest, may still be active and allow access to the normal backend.

5. Exploitation examples:
- Successful login to the hidden OEM backend using the credentials oemadmin:crpwd.
- Normal web system login using the same credentials.
- Login using the guest:guest credentials if the default settings were not altered.

This information details the nature of the hard-coded credential vulnerability in E-Lins routers, the range of affected versions, the exploitation method, and the possible exploitation scenarios.
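For an owner auditing their own devices, the check below is an added example and not code from the advisory or from E-Lins: it compares a model and firmware version against the affected-version list above and flags the advisory's named accounts (oemadmin, guest) when a shadow file taken from the device still gives them a usable password. The function names and the sample shadow content are assumptions made for illustration.

```python
# Added example: defensive audit for the advisory above, not the vendor's code.
FIXED = {  # first unaffected firmware version per model, as listed on this page
    "H685": "3.2.337", "H685f": "3.2.248", "H820": "3.3.69",
    "H820Q": "3.2.272", "H820Q0": "3.2.259", "H900": "3.2.241",
    "H700": "3.2.243", "H720": "3.2.239", "H750": "3.2.241",
}
FLAGGED_ACCOUNTS = {"oemadmin", "guest"}  # accounts named in the advisory


def parse_version(v):
    """Turn 'v3.2.337' or '3.2.337' into a comparable tuple of ints."""
    return tuple(int(p) for p in v.lstrip("vV").split("."))


def is_affected(model, version):
    """True if the model is listed and its firmware is below the fixed version."""
    fixed = FIXED.get(model)
    if fixed is None:
        return False  # model is not covered by this advisory
    return parse_version(version) < parse_version(fixed)


def audit_shadow(shadow_text):
    """Return advisory-named accounts that can still log in with a password."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user, pw = fields[0], fields[1]
        # A leading '!' or '*' locks password login. An empty field means
        # passwordless login, so it is deliberately treated as not locked.
        locked = pw.startswith(("!", "*"))
        if user in FLAGGED_ACCOUNTS and not locked:
            findings.append(user)
    return findings


# Constructed sample; the hashes are placeholders, not values from a device.
SAMPLE_SHADOW = """\
root:$1$PLACEHOLDER$aaaaaaaaaaaaaaaaaaaaaa:0:0:99999:7:::
oemadmin:$1$PLACEHOLDER$bbbbbbbbbbbbbbbbbbbbbb:0:0:99999:7:::
guest:!$1$PLACEHOLDER$cccccccccccccccccccccc:0:0:99999:7:::
daemon:*:0:0:99999:7:::
"""

if __name__ == "__main__":
    print(is_affected("H685", "v3.2.300"), audit_shadow(SAMPLE_SHADOW))
```

Versions are compared numerically per component, so 3.2.999 still sorts below the H820 fix at 3.3.69.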