Share
## https://sploitus.com/exploit?id=PACKETSTORM:176795
CVE ID: CVE-2024-22902  
  
Title: Default Root Credentials Vulnerability in Vinchin Backup & Recovery v7.2  
  
Suggested Description:  
Vinchin Backup & Recovery version 7.2 has been identified as being configured with default root credentials, posing a significant security vulnerability.  
  
Additional Information:  
There is no documentation or guidance from Vinchin on changing the root password for this version. The use of password authentication as root is possible, leading to potential unauthorized access.  
  
Vulnerability Type:  
Incorrect Access Control  
  
Vendor of Product:  
Vinchin  
  
Affected Product Code Base:  
Vinchin - Version 7.2  
  
Attack Type:  
Remote  
  
Impact - Escalation of Privileges:  
True  
  
Attack Vectors:  
This security flaw can be exploited through both local and remote access using the default root credentials provided in the software.  
  
Discoverer:  
Valentin Lobstein  
  
References:  
- http://vinchin.com  
  
Conclusion:  
The existence of default root credentials in Vinchin Backup & Recovery v7.2 (CVE-2024-22902) is a serious security oversight. Users of this software version should be aware of the risks and stay alert for any updates or security patches from Vinchin. Immediate action should be taken to change these credentials to prevent unauthorized access.  
  
Signed,Valentin Lobstein