
EGeezer
Premium Member

DSL routers contain hard-coded "XXXXairocon" credentials

Although DSL is slowly going the way of the dodo, there are still lots of users out there.

said by VU#950576:

DSL routers, including the ASUS DSL-N12E, DIGICOM DG-5524T, Observa Telecom RTA01N, Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN and Kasda KW58293, and ZTE ZXV10 W300 contain hard-coded credentials that are useable in the telnet service on the device. In the ASUS, DIGICOM, Observa Telecom, and ZTE devices, the username is "admin," in the PLDT devices, the user name is "adminpldt," and in all affected devices, the password is "XXXXairocon" where "XXXX" is the last four characters of the device's MAC address. The MAC address may be obtainable over SNMP with community string public. ...

Full notice at www.kb.cert.org/vuls/id/950576

I'd think they'd at least change the default SNMP community string and default port(s) for TELNET and FTP when implementing the router in a customer site.
--
If no mistake have you made, yet losing you are … a different game you should play
- Yoda
HELLFIRE
MVM

Re: DSL routers contain hard-coded "XXXXairocon" credentials

...yet how many times have we seen here that it's less about "securing it right / in the first place" and more about "get the product out anyways?"

Regards

EGeezer
Premium Member

I'm just dreading the day when home/SOHO router makers start going the way of operating systems whose vendors are deciding to monetize their products by collecting local information and sharing everything by default.

NetFixer
Snarl For The Camera Please
Premium Member

said by EGeezer:

I'm just dreading the day when home/SOHO router makers start going the way of operating systems whose vendors are deciding to monetize their products by collecting local information and sharing everything by default.

What makes you think that all of the "cloud" routers that are being pushed by all the major vendors aren't already doing that?
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

EGeezer
Premium Member

I'd think that the security community would be all over it if a router vendor was doing that stuff.

Black Box
Member

to EGeezer
said by EGeezer:

I'm just dreading the day when home/SOHO router makers start going the way of operating systems whose vendors are deciding to monetize their products by collecting local information and sharing everything by default.

As if it didn't happen already with Belkin. They plonked on my siht list and I wouldn't touch any of their products smarter than a power bar.

So having a router (capable of) running OpenWRT or Tomato is starting to become a necessity.
--
Keep It Safe, Stupid!
Yes, I CanChat. Can You?

EGeezer
Premium Member

Fortunately, Belkin has never been on my list of preferred brand names.

It seems there's a need for more skeptical examination of home/SOHO router firmware by packet rats and forensic experts.