Skip to main content
close search
site logo
Dive Brief

CERT warning: Hard-coded admin credentials make routers vulnerable to hacking

Published Aug. 28, 2015
By
Contributing Editor
Salvatore Vuono

Dive Brief:

  • The CERT Coordination Center at Carnegie Mellon University has issued an alert stating that DSL routers from different manufacturers contain a guessable hard-coded password.

  • A remote attacker may utilize these credentials to gain administrator access to the affected devices over their telnet service, CERT said.

  • The vulnerability is not new, but it hasn't been known until now that other devices were also affected.

Dive Insight:

All of the devices have an admin password in the form "XXXXairocon" where XXXX are the last four characters of the device's physical MAC address, according to CERT/CC.

A device's full MAC address can easily be obtained by sending a public query over the Simple Network Management Protocol.

Earlier this year, a security researcher found similar vulnerabilities in a significant number of DSL router models from different manufacturers that were distributed by ISPs from around the world. All of the devices were running firmware developed by the same Chinese company.

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Revenera Monetization Monitor 2025: Product Usage Insights Drive Better Roadmaps
From Revenera
November 25, 2024
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
Unanet Acquires GovPro AI to Enable Customers to Win More Business
From Unanet
November 22, 2024
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
Editors' picks
Latest in Security
Industry Dive is an Informa TechTarget business.
© 2024 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.