1. Executive Summary

56 / 100

Critical

High

Medium

528

Low/Info

2. Scope & Methodology

Item	Details
Firmware	4.0.24 x64 Build202601131850
Vendor	iKuai
Sample	`iKuai8_x64_4.0.24_Build202601131850.bin`
MD5	`4fa9b7183ae1cc505295dc4ef5f5afbf`
SHA-256	`1bee8284ee70f633b8b88bd6bbbfc7a366f9b01f1700dac83b35171fa8b9fb63`
Size	41.7MB
Date	2026-04-22 23:24:54 UTC
Tools	Nyarc Professional v1.2.0

3. Findings Overview

#	Severity	CVSS	Finding
1	CRITICAL	6.9	Password cracked: user 'root'
2	CRITICAL	5.3	OpenSSL libcrypto.so.1.0.0 — EOL
3	CRITICAL	7.5	OpenSSL 1.0.0 — EOL
4	CRITICAL	9.1	Private key leaked: /etc/remote2/ca-certificates.d/ikuai/client.key
5	CRITICAL	9.1	Private key leaked: /etc/ssl/32015/ca.key
6	CRITICAL	9.1	Private key leaked: /etc/ssl/32016/ca.key
7	CRITICAL	9.1	Private key leaked: /etc/ssl/32017/ca.key
8	CRITICAL	9.1	Private key leaked: /etc/swanctl/ikca/rootCA.key
9	CRITICAL	9.1	Private key leaked: /usr/ikuai/ctrlclient/priv.key
10	CRITICAL	9.1	Private key leaked: /usr/openresty/ssl/server.key
11	CRITICAL	6.9	Password cracked: user 'root'
12	CRITICAL	9.1	Cloud control client: private key + certificate leaked
13	CRITICAL	6.1	Control client (alt): private key + certificate leaked
14	CRITICAL	9.1	Embedded CA: private key + certificate leaked
15	CRITICAL	9.1	Embedded CA: private key + certificate leaked
16	CRITICAL	9.1	Embedded CA: private key + certificate leaked
17	CRITICAL	9.1	Web server: private key + certificate leaked
18	CRITICAL	7.5	OpenSSL 1.0.0 — End of Life
19	HIGH	5.3	Generic backdoor detected (CVE-2023-50920): Lua random seed (check for predictable values)
20	HIGH	5.3	Generic backdoor detected: JSON parser library (sscanf overflow CVE in parse_object)
21	HIGH	5.3	Generic backdoor detected: JSON parser library (sscanf overflow CVE in parse_object)
22	HIGH	5.3	Generic backdoor detected: JSON parser library (sscanf overflow CVE in parse_object)
23	HIGH	5.3	Generic backdoor detected (CVE-2023-50920): Lua random seed (check for predictable values)
24	HIGH	5.3	Generic backdoor detected: JSON parser library (sscanf overflow CVE in parse_object)
25	HIGH	5.3	Generic backdoor detected: JSON parser library (sscanf overflow CVE in parse_object)
26	HIGH	5.3	Generic backdoor detected: JSON parser library (sscanf overflow CVE in parse_object)
27	HIGH	5.3	Generic backdoor detected: JSON parser library (sscanf overflow CVE in parse_object)
28	HIGH	5.3	Generic backdoor detected: JSON parser library (sscanf overflow CVE in parse_object)
29	HIGH	7.5	Remote control configuration exposed
30	HIGH	5.3	Generic backdoor detected: JSON parser library (sscanf overflow CVE in parse_object)
31	MEDIUM	5.3	User 'sshd' uses MD5crypt weak hash
32	MEDIUM	5.3	User 'root' uses MD5crypt weak hash
33	MEDIUM	5.3	User 'sshd' uses MD5crypt weak hash
34	MEDIUM	5.3	Generic potential vulnerability: Telnet on non-standard port (potential backdoor)
35	MEDIUM	5.3	User 'root' uses MD5crypt weak hash

4. Detailed Findings

1. Password cracked: user 'root'CRITICAL (CVSS 6.9)

Description

Password '2015.ikuai8.com' found via dictionary attack

Evidence

/etc/shadow: root cracked with common password dictionary

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

ID: NYARC-001

2. OpenSSL libcrypto.so.1.0.0 — EOLCRITICAL (CVSS 5.3)

Description

OpenSSL 1.0.x is EOL since 2020, multiple known CVEs including RCE

Evidence

/usr/lib/libcrypto.so.1.0.0

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

ID: NYARC-002

3. OpenSSL 1.0.0 — EOLCRITICAL (CVSS 7.5)

Description

OpenSSL 1.0.x is EOL since 2020, multiple known CVEs including RCE

Evidence

/usr/lib/libssl.so.1.0.0

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

ID: NYARC-003

4. Private key leaked: /etc/remote2/ca-certificates.d/ikuai/client.keyCRITICAL (CVSS 9.1)

Description

Private key found in firmware. Anyone with the firmware can impersonate this service.

Private Key: /etc/remote2/ca-certificates.d/ikuai/client.key
Certificate: /etc/remote2/ca-certificates.d/ikuai/client.crt
主体	C = CN, ST = beijing, O = ikuai, OU = ikclient, CN = *.ikuai8.com
签发者	C = CN, ST = beijing, L = bj, O = ikuai, OU = ik, CN = *.ikuai8.com
生效时间	Aug 22 09:52:29 2019 GMT
过期时间	Aug 19 09:52:29 2029 GMT
序列号	02
SHA1 指纹	FB:07:C4:91:0E:A9:26:86:98:4D:EE:CB:33:A1:8C:B6:E1:F4:B3:2F

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

ID: NYARC-004

5. Private key leaked: /etc/ssl/32015/ca.keyCRITICAL (CVSS 9.1)

Description

Private key found in firmware. Anyone with the firmware can impersonate this service.

Private Key: /etc/ssl/32015/ca.key (1024-bit RSA)
Certificate: /etc/ssl/32015/ca.crt
主体	C = CN, ST = BeiJing, L = BeiJing, O = iKuai, OU = iKuai, CN = download.ikuai8.com
签发者	C = CN, ST = BeiJing, L = BeiJing, O = iKuai, OU = iKuai, CN = download.ikuai8.com
生效时间	Aug 29 04:13:19 2017 GMT
过期时间	Dec 30 04:13:19 3016 GMT
序列号	BD9552A22264C655
SHA1 指纹	68:7C:26:F4:B4:20:1B:C5:04:AD:31:58:0E:4F:C1:04:08:6C:39:B6

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

ID: NYARC-005

6. Private key leaked: /etc/ssl/32016/ca.keyCRITICAL (CVSS 9.1)

Description

Private key found in firmware. Anyone with the firmware can impersonate this service.

Private Key: /etc/ssl/32016/ca.key (1024-bit RSA)
Certificate: /etc/ssl/32016/ca.crt
主体	C = CN, ST = BeiJing, L = BeiJing, O = iKuai, OU = iKuai, CN = download.ikuai8.com
签发者	C = CN, ST = BeiJing, L = BeiJing, O = iKuai, OU = iKuai, CN = download.ikuai8.com
生效时间	Aug 29 02:15:37 2017 GMT
过期时间	Dec 30 02:15:37 3016 GMT
序列号	92EDE68AEB529720
SHA1 指纹	B8:4C:CB:B7:53:F6:70:9E:B8:D8:20:DB:8A:34:49:BE:85:E8:30:F0

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

ID: NYARC-006

7. Private key leaked: /etc/ssl/32017/ca.keyCRITICAL (CVSS 9.1)

Description

Private key found in firmware. Anyone with the firmware can impersonate this service.

Private Key: /etc/ssl/32017/ca.key (1024-bit RSA)
Certificate: /etc/ssl/32017/ca.crt
主体	C = CN, ST = BeiJing, L = BeiJing, O = iKuai, OU = iKuai, CN = 302.ikuai8.com
签发者	C = CN, ST = BeiJing, L = BeiJing, O = iKuai, OU = iKuai, CN = 302.ikuai8.com
生效时间	Sep 6 04:04:56 2017 GMT
过期时间	Jan 7 04:04:56 3017 GMT
序列号	E43325EF748B108B
SHA1 指纹	EC:29:58:77:4B:E1:99:CC:DA:74:14:A2:B9:0B:D9:D7:EF:C9:D5:36

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

ID: NYARC-007

8. Private key leaked: /etc/swanctl/ikca/rootCA.keyCRITICAL (CVSS 9.1)

Description

Private key found in firmware. Anyone with the firmware can impersonate this service.

Private Key: /etc/swanctl/ikca/rootCA.key (4096-bit RSA)
Certificate: /etc/swanctl/ikca/rootCA.crt
主体	C = IK, ST = beijing, L = beijing, O = ikuai, OU = ikuai, CN = ikuaitest.com
签发者	C = IK, ST = beijing, L = beijing, O = ikuai, OU = ikuai, CN = ikuaitest.com
生效时间	Dec 27 01:59:58 2022 GMT
过期时间	Feb 25 01:59:58 2042 GMT
序列号	A1142FC16A202365
SHA1 指纹	A4:86:5B:9B:F1:6F:66:AF:01:B3:EE:9B:A4:90:90:56:60:DB:2A:7E

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

ID: NYARC-008

9. Private key leaked: /usr/ikuai/ctrlclient/priv.keyCRITICAL (CVSS 9.1)

Description

Private key found in firmware. Anyone with the firmware can impersonate this service.

Private Key: /usr/ikuai/ctrlclient/priv.key (4096-bit RSA)
Certificate: /usr/ikuai/ctrlclient/cert.pem
主体	C = CN, ST = BEIJING, O = IKUAI8 Ltd, OU = CERT 0001 OF CA REMOTE CONTROL 0002-01-0001 FOR IKUAI ROUTERS, CN = cert0001.rm_router0002-01-0001.ikuai8.com, emailAddress = [email protected]
签发者	C = CN, ST = BEIJING, O = IKUAI8 Ltd, OU = REMOTE CONTROL 0002-01 FOR ROUTERS, CN = remote_control.rt0002-01.ikuai8.com, emailAddress = [email protected]
生效时间	Dec 24 02:44:23 2015 GMT
过期时间	Dec 22 02:44:23 2021 GMT
序列号	100000
SHA1 指纹	9B:3C:A3:86:B7:65:80:CB:A8:B4:BA:77:8B:B8:53:B4:84:99:6A:2B

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

ID: NYARC-009

10. Private key leaked: /usr/openresty/ssl/server.keyCRITICAL (CVSS 9.1)

Description

Private key found in firmware. Anyone with the firmware can impersonate this service.

Private Key: /usr/openresty/ssl/server.key (2048-bit RSA)
Certificate: /usr/openresty/ssl/server.crt
主体	C = CN, ST = BeiJing, L = BeiJing, O = iKuai, OU = iKuai, CN = ikuai8.com
签发者	C = CN, ST = BeiJing, L = BeiJing, O = iKuai, OU = iKuai, CN = ikuai8.com
生效时间	Apr 21 07:23:05 2021 GMT
过期时间	Aug 22 07:23:05 3020 GMT
序列号	DB6C3FFC850ABE5E
SHA1 指纹	45:EF:86:D9:14:1C:AC:5B:45:CB:02:FD:BB:95:5B:75:5E:01:A3:EE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

ID: NYARC-010

11. Password cracked: user 'root'CRITICAL (CVSS 6.9)

Description

Password '2015.ikuai8.com' found via dictionary attack

Evidence

/etc/shadow: root cracked with common password dictionary

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

ID: NYARC-011

12. Cloud control client: private key + certificate leakedCRITICAL (CVSS 9.1)

Description

Private key and certificate pair found in firmware. Any attacker with the firmware can impersonate this service.

Private Key: /etc/remote2/ca-certificates.d/ikuai/client.key
Certificate: /etc/remote2/ca-certificates.d/ikuai/client.crt
主体	C = CN, ST = beijing, O = ikuai, OU = ikclient, CN = *.ikuai8.com
签发者	C = CN, ST = beijing, L = bj, O = ikuai, OU = ik, CN = *.ikuai8.com
生效时间	Aug 22 09:52:29 2019 GMT
过期时间	Aug 19 09:52:29 2029 GMT
序列号	02
SHA1 指纹	FB:07:C4:91:0E:A9:26:86:98:4D:EE:CB:33:A1:8C:B6:E1:F4:B3:2F

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

ID: NYARC-012

13. Control client (alt): private key + certificate leakedCRITICAL (CVSS 6.1)

Description

Private key and certificate pair found in firmware. Any attacker with the firmware can impersonate this service.

Private Key: /usr/ikuai/ctrlclient/priv.key (4096-bit RSA)
Certificate: /usr/ikuai/ctrlclient/cert.pem
主体	C = CN, ST = BEIJING, O = IKUAI8 Ltd, OU = CERT 0001 OF CA REMOTE CONTROL 0002-01-0001 FOR IKUAI ROUTERS, CN = cert0001.rm_router0002-01-0001.ikuai8.com, emailAddress = [email protected]
签发者	C = CN, ST = BEIJING, O = IKUAI8 Ltd, OU = REMOTE CONTROL 0002-01 FOR ROUTERS, CN = remote_control.rt0002-01.ikuai8.com, emailAddress = [email protected]
生效时间	Dec 24 02:44:23 2015 GMT
过期时间	Dec 22 02:44:23 2021 GMT
序列号	100000
SHA1 指纹	9B:3C:A3:86:B7:65:80:CB:A8:B4:BA:77:8B:B8:53:B4:84:99:6A:2B

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

ID: NYARC-013

14. Embedded CA: private key + certificate leakedCRITICAL (CVSS 9.1)

Description

Private key and certificate pair found in firmware. Any attacker with the firmware can impersonate this service.

Private Key: /etc/ssl/32015/ca.key (1024-bit RSA)
Certificate: /etc/ssl/32015/ca.crt
主体	C = CN, ST = BeiJing, L = BeiJing, O = iKuai, OU = iKuai, CN = download.ikuai8.com
签发者	C = CN, ST = BeiJing, L = BeiJing, O = iKuai, OU = iKuai, CN = download.ikuai8.com
生效时间	Aug 29 04:13:19 2017 GMT
过期时间	Dec 30 04:13:19 3016 GMT
序列号	BD9552A22264C655
SHA1 指纹	68:7C:26:F4:B4:20:1B:C5:04:AD:31:58:0E:4F:C1:04:08:6C:39:B6

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

ID: NYARC-014

15. Embedded CA: private key + certificate leakedCRITICAL (CVSS 9.1)

Description

Private key and certificate pair found in firmware. Any attacker with the firmware can impersonate this service.

Private Key: /etc/ssl/32016/ca.key (1024-bit RSA)
Certificate: /etc/ssl/32016/ca.crt
主体	C = CN, ST = BeiJing, L = BeiJing, O = iKuai, OU = iKuai, CN = download.ikuai8.com
签发者	C = CN, ST = BeiJing, L = BeiJing, O = iKuai, OU = iKuai, CN = download.ikuai8.com
生效时间	Aug 29 02:15:37 2017 GMT
过期时间	Dec 30 02:15:37 3016 GMT
序列号	92EDE68AEB529720
SHA1 指纹	B8:4C:CB:B7:53:F6:70:9E:B8:D8:20:DB:8A:34:49:BE:85:E8:30:F0

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

ID: NYARC-015

16. Embedded CA: private key + certificate leakedCRITICAL (CVSS 9.1)

Description

Private key and certificate pair found in firmware. Any attacker with the firmware can impersonate this service.

Private Key: /etc/ssl/32017/ca.key (1024-bit RSA)
Certificate: /etc/ssl/32017/ca.crt
主体	C = CN, ST = BeiJing, L = BeiJing, O = iKuai, OU = iKuai, CN = 302.ikuai8.com
签发者	C = CN, ST = BeiJing, L = BeiJing, O = iKuai, OU = iKuai, CN = 302.ikuai8.com
生效时间	Sep 6 04:04:56 2017 GMT
过期时间	Jan 7 04:04:56 3017 GMT
序列号	E43325EF748B108B
SHA1 指纹	EC:29:58:77:4B:E1:99:CC:DA:74:14:A2:B9:0B:D9:D7:EF:C9:D5:36

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

ID: NYARC-016

17. Web server: private key + certificate leakedCRITICAL (CVSS 9.1)

Description

Private key and certificate pair found in firmware. Any attacker with the firmware can impersonate this service.

Private Key: /usr/openresty/ssl/server.key (2048-bit RSA)
Certificate: /usr/openresty/ssl/server.crt
主体	C = CN, ST = BeiJing, L = BeiJing, O = iKuai, OU = iKuai, CN = ikuai8.com
签发者	C = CN, ST = BeiJing, L = BeiJing, O = iKuai, OU = iKuai, CN = ikuai8.com
生效时间	Apr 21 07:23:05 2021 GMT
过期时间	Aug 22 07:23:05 3020 GMT
序列号	DB6C3FFC850ABE5E
SHA1 指纹	45:EF:86:D9:14:1C:AC:5B:45:CB:02:FD:BB:95:5B:75:5E:01:A3:EE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

ID: NYARC-017

18. OpenSSL 1.0.0 — End of LifeCRITICAL (CVSS 7.5)

Description

OpenSSL 1.0.x reached EOL in 2020. Contains numerous known CVEs including potential RCE

Evidence

/usr/lib/libssl.so.1.0.0

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

ID: NYARC-018

19. Generic backdoor detected (CVE-2023-50920): Lua random seed (check for predictable values)HIGH (CVSS 5.3)

Description

Lua random seed (check for predictable values)

Evidence

/usr/sbin/ikntpget

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Solution

Update firmware. Use /dev/urandom for session ID generation instead of math.random.

CVE

CVE-2023-50920

Affected Component

/usr/sbin/ikntpget

References

https://github.com/gl-inet/CVE-issues

ID: NYARC-019

20. Generic backdoor detected: JSON parser library (sscanf overflow CVE in parse_object)HIGH (CVSS 5.3)

Description

JSON parser library (sscanf overflow CVE in parse_object)

Evidence

/usr/sbin/miniupnpd

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Solution

Update firmware to latest version. Review vendor security advisories.

Affected Component

/usr/sbin/miniupnpd

ID: NYARC-020

21. Generic backdoor detected: JSON parser library (sscanf overflow CVE in parse_object)HIGH (CVSS 5.3)

Description

JSON parser library (sscanf overflow CVE in parse_object)

Evidence

/usr/sbin/pmd

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Solution

Update firmware to latest version. Review vendor security advisories.

Affected Component

/usr/sbin/pmd

ID: NYARC-021

22. Generic backdoor detected: JSON parser library (sscanf overflow CVE in parse_object)HIGH (CVSS 5.3)

Description

JSON parser library (sscanf overflow CVE in parse_object)

Evidence

/usr/sbin/tkgen

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Solution

Update firmware to latest version. Review vendor security advisories.

Affected Component

/usr/sbin/tkgen

ID: NYARC-022

23. Generic backdoor detected (CVE-2023-50920): Lua random seed (check for predictable values)HIGH (CVSS 5.3)

Description

Lua random seed (check for predictable values)

Evidence

/usr/ikuai/script/ik_netoptimize.lua

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Solution

Update firmware. Use /dev/urandom for session ID generation instead of math.random.

CVE

CVE-2023-50920

Affected Component

/usr/ikuai/script/ik_netoptimize.lua

References

https://github.com/gl-inet/CVE-issues

ID: NYARC-023

24. Generic backdoor detected: JSON parser library (sscanf overflow CVE in parse_object)HIGH (CVSS 5.3)

Description

JSON parser library (sscanf overflow CVE in parse_object)

Evidence

/usr/lib/libjansson.so

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Solution

Update firmware to latest version. Review vendor security advisories.

Affected Component

/usr/lib/libjansson.so

ID: NYARC-024

25. Generic backdoor detected: JSON parser library (sscanf overflow CVE in parse_object)HIGH (CVSS 5.3)

Description

JSON parser library (sscanf overflow CVE in parse_object)

Evidence

/usr/lib/libjansson.so.4

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Solution

Update firmware to latest version. Review vendor security advisories.

Affected Component

/usr/lib/libjansson.so.4

ID: NYARC-025

26. Generic backdoor detected: JSON parser library (sscanf overflow CVE in parse_object)HIGH (CVSS 5.3)

Description

JSON parser library (sscanf overflow CVE in parse_object)

Evidence

/usr/lib/libjansson.so.4.13.0

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Solution

Update firmware to latest version. Review vendor security advisories.

Affected Component

/usr/lib/libjansson.so.4.13.0

ID: NYARC-026

27. Generic backdoor detected: JSON parser library (sscanf overflow CVE in parse_object)HIGH (CVSS 5.3)

Description

JSON parser library (sscanf overflow CVE in parse_object)

Evidence

/usr/sbin/cre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Solution

Update firmware to latest version. Review vendor security advisories.

Affected Component

/usr/sbin/cre

ID: NYARC-027

28. Generic backdoor detected: JSON parser library (sscanf overflow CVE in parse_object)HIGH (CVSS 5.3)

Description

JSON parser library (sscanf overflow CVE in parse_object)

Evidence

/usr/sbin/ik_rc_client

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Solution

Update firmware to latest version. Review vendor security advisories.

Affected Component

/usr/sbin/ik_rc_client

ID: NYARC-028

29. Remote control configuration exposedHIGH (CVSS 7.5)

Description

Cloud control server endpoints visible in firmware

Evidence

etc/remote2/ikuai.conf
{
     "as_server":{
        "host":["as-v4.ikuai8.com:9444"],
        "ca_path":"/etc/remote2/ca-certificates.d/ikuai"
     }
}

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

ID: NYARC-029

30. Generic backdoor detected: JSON parser library (sscanf overflow CVE in parse_object)HIGH (CVSS 5.3)

Description

JSON parser library (sscanf overflow CVE in parse_object)

Evidence

/usr/sbin/ik_stats_collect

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Solution

Update firmware to latest version. Review vendor security advisories.

Affected Component

/usr/sbin/ik_stats_collect

ID: NYARC-030

31. User 'sshd' uses MD5crypt weak hashMEDIUM (CVSS 5.3)

Description

MD5crypt ($1$) is a weak algorithm, recommend migration to SHA-512 ($6$)

Evidence

/etc/shadow: sshd:$1$BKY7uz3G$vw5dPaPb...

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

ID: NYARC-031

32. User 'root' uses MD5crypt weak hashMEDIUM (CVSS 5.3)

Description

MD5crypt ($1$) is a weak algorithm, recommend migration to SHA-512 ($6$)

Evidence

/etc/shadow: root:$1$9.EU8ItY$z4EfK4vQ...

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

ID: NYARC-032

33. User 'sshd' uses MD5crypt weak hashMEDIUM (CVSS 5.3)

Description

MD5crypt ($1$) is a weak algorithm, recommend migration to SHA-512 ($6$)

Evidence

/etc/shadow: sshd:$1$BKY7uz3G$vw5dPaPb...

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

ID: NYARC-033

34. Generic potential vulnerability: Telnet on non-standard port (potential backdoor)MEDIUM (CVSS 5.3)

Description

Telnet on non-standard port (potential backdoor)

Evidence

/sbin/sysinit

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Solution

Review this component for proper input validation and access control.

Affected Component

/sbin/sysinit

ID: NYARC-034

35. User 'root' uses MD5crypt weak hashMEDIUM (CVSS 5.3)

Description

MD5crypt ($1$) is a weak algorithm, recommend migration to SHA-512 ($6$)

Evidence

/etc/shadow: root:$1$9.EU8ItY$z4EfK4vQ...

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

ID: NYARC-035

5. Network Analysis

Domain	Category	References
`yun.ikuai8.com`	🟡 cloud	15 files `/usr/ikuai/function/backup` `/usr/ikuai/function/cloud_bak` `/usr/ikuai/function/ik_web_sdwan` `/usr/ikuai/function/ikmessages` `/usr/ikuai/function/nat_ddns` `/usr/ikuai/function/register` `/usr/ikuai/script/backup.sh` `/usr/ikuai/script/cloud_bak.sh` `/usr/ikuai/script/ik_web_sdwan.sh` `/usr/ikuai/script/ikmessages.sh` `/usr/ikuai/script/nat_ddns.sh` `/usr/ikuai/script/register.sh` `/usr/ikuai/www/static/js/first.json` `/usr/openresty/lua/lib/webman.lua` `/usr/sbin/ik_wpa_ppsk`
`dis-v4.ikuai8.com`	🟡 system	2 files `/usr/sbin/cre` `/usr/sbin/tkgen`
`api.cloudflare.com`	🟡 api	2 files `/usr/ikuai/function/ddns` `/usr/ikuai/script/ddns.sh`
`ftp.info-zip.org`	🟡 system	2 files `/usr/bin/unzip` `/usr/bin/zip`
`dingtalk.c.app`	🟡 system	2 files `/usr/DTalkInside/sign_ikuai_x86_64` `/usr/sbin/dtalkd`
`routers.ikuai8.com`	🟡 system	2 files `/usr/bin/ik_audit_publisher` `/usr/ikuai/script/ikaudit_update.sh`
`time6.aliyun.com`	🟡 system	`/usr/sbin/ikntpget`
`time4.aliyun.com`	🟡 system	`/usr/sbin/ikntpget`
`as1.ikuai8.com`	🟡 system	`/usr/sbin/ik_rc_client`
`ntp2.ikuai8.com`	🟡 system	`/usr/sbin/ikntpget`
`update.ikuai8.com`	🟡 update	`/usr/ikuai/ctrlclient/conf.json`
`ntp3.ikuai8.com`	🟡 system	`/usr/sbin/ikntpget`
`audit.ikuai8.com`	🟡 telemetry	`/usr/ikuai/script/ikaudit_update.sh`
`time5.aliyun.com`	🟡 system	`/usr/sbin/ikntpget`
`api.weibo.com`	🟡 api	`/usr/openresty/lua/webauth/release.lua`
`ntp2.aliyun.com`	🟡 system	`/usr/sbin/ikntpget`
`2015.ikuai8.com`	🟡 system	`/usr/sbin/vsftpx`
`ntp1.ikuai8.com`	🟡 system	`/usr/sbin/ikntpget`
`stedolan.github.com`	🟡 system	`/usr/sbin/jq`
`time2.aliyun.com`	🟡 system	`/usr/sbin/ikntpget`
`software.es.net`	🟡 system	`/usr/bin/iperf3`
`as2.ikuai8.com`	🟡 system	`/usr/sbin/ik_rc_client`
`rsync.samba.org`	🟡 system	`/usr/bin/rsync`
`listi.jpberlin.de`	🟡 system	`/usr/sbin/smartctl`
`pkgmgr-v4.ikuai8.com`	🟡 system	`/usr/sbin/pmd`
`restapi.amap.com`	🟡 system	`/usr/sbin/speedtest-nearby-src`
`time1.aliyun.com`	🟡 system	`/usr/sbin/ikntpget`
`cloud.ikuai8.com`	🟡 cloud	`/usr/ikuai/www/static/js/first.json`
`time3.aliyun.com`	🟡 system	`/usr/sbin/ikntpget`
`schemas.microsoft.com`	🟡 system	`/usr/bin/wsdd2`

6. Recommendations

Review all outbound connections, replace default credentials, upgrade deprecated crypto libraries.

Firmware Security Audit Report

4.0.24 x64 Build202601131850

Table of Contents

1. Executive Summary

2. Scope & Methodology

3. Findings Overview

4. Detailed Findings

5. Network Analysis

6. Recommendations