Yondoo provided router, has "password" as admin pw, won't let us change it
bill at herrin.us
Wed Feb 8 23:27:15 UTC 2023
On Wed, Feb 8, 2023 at 2:36 PM Eric Kuhnke <eric.kuhnke at gmail.com> wrote:
> I would hope that this router's admin "password" interface is only accessible from the LAN side.
> This is bad, yes, but not utterly catastrophic.
It means that any compromised device on the LAN can access the router
with whatever permissions the password grants. While there are
certainly worse security vulnerabilities, I'm reluctant to describe
this one as less than catastrophic. Where there's one grossly ignorant
security vulnerability there are usually hundreds.
For hire. https://bill.herrin.us/resume/
More information about the NANOG