Impact

A remote attacker may utilize these credentials to gain administrator access to the device. The Observa Telecom RTA01N was previously disclosed on the Full Disclosure mailing list. The vulnerability was previously disclosed in VU#228886 and assigned CVE-2014-0329 for ZTE ZXV10 W300, but it was not known at the time that the same vulnerability affected products published by other vendors.

The MAC address may be obtainable over SNMP with community string public. In the ASUS, DIGICOM, Observa Telecom, and ZTE devices, the username is “admin,” in the PLDT devices, the user name is “adminpldt,” and in all affected devices, the password is “XXXXairocon” where “XXXX” is the last four characters of the device’s MAC address.

Overview

DSL routers by ASUS, DIGICOM, Observa Telecom, Philippine Long Distance Telephone (PLDT), and ZTE contain hard-coded “XXXXairocon” credentials

Description

CWE-798: Use of Hard-coded Credentials

DSL routers, including the ASUS DSL-N12E, DIGICOM DG-5524T, Observa Telecom RTA01N, Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN and Kasda KW58293, and ZTE ZXV10 W300 contain hard-coded credentials that are useable in the telnet service on the device.

Since getting hold of a router’s MAC is a trivial task for any technically skilled person, this would allow anyone to guess the admin passwords for those devices. Since the hard-coded password has the same format for all the mentioned devices, the firmware for all the above routers seems to be manufactured by the same company. The password scheme is “XXXXairocon” where XXXX represents the last four digits in the router’s MAC physical address, which usually is presented in consoles like six groups of two hexadecimal characters in the form of: “XX-XX-XX-XX-XX-XX”

Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN and

According to the researchers’ findings, all of these devices give administrative control over the router by using a hard-coded login scheme.
Using the “admin” username for the Asus, DIGICOM, Observa Telecom, and ZTE devices, and the “adminpldt” for the Philippine Long Distance Telephone (PLDT) router, a hacker could easily authenticate himself on the WiFi stations using a common password.

The group of researchers from the European University of Madrid had disclosed this vulnerability in May 2015 along with a few more other security vulnerabilities, including privilege escalation, CSRF, XSS, DOS, and authentication bypasses in other devices. According to an alert issued Tuesday by the CERT Coordination Center (CERT/CC) at Carnegie Mellon University, the affected device models are:

This yet unpatched security vulnerability can give attackers access to a few DSL, SOHO (small office / home office) WiFi routers using such default login scheme.

Select it from the list, allow Mac OS X to populate the printer settings, click Add and you’ll now have wireless access to the printer.

Wi-Fi routers vulnerable to remote hacking due to hard-coded admin credentials

A group of researchers have discovered that they could remotely log into some Wi-Fi routers using the hard-coded default administrator login.

Click the + symbol and select the printer from the Add Printer list – your printer will be now recognized as a Bonjour device. You’ll have to install the appropriate printer driver software onto each computer you plan to use, as well as take a visit to System Preferences > Print & Fax and add the newly-wireless device to your printer roster. To go wireless, simply plug the printer’s USB cable into the USB port on back of your AirPort device and connect the other end to the printer. Thankfully, AirPort Extreme, AirPort Express and Time Capsule all come with a single USB 2.0 port capable of attaching a printer or hard drive (more on that in a moment), allowing everyone in your home to have access to the same printer.
For one, the longer a printer sits unused, the more ink you’ll waste having to clean the cartridge(s) the next time you want to use it, wasting costly ink. Despite the abundance of cheap USB inkjet printers, there are very good reasons to avoid buying one for every computer in your home.