Yondoo provided router, has "password" as admin pw, won't let us change it

William Herrin bill at herrin.us
Wed Feb 8 23:27:15 UTC 2023


On Wed, Feb 8, 2023 at 2:36 PM Eric Kuhnke <eric.kuhnke at gmail.com> wrote:
> I would hope that this router's admin "password" interface is only accessible from the LAN side.
> This is bad, yes, but not utterly catastrophic.

It means that any compromised device on the LAN can access the router
with whatever permissions the password grants. While there are
certainly worse security vulnerabilities, I'm reluctant to describe
this one as less than catastrophic. Where there's one grossly ignorant
security vulnerability there are usually hundreds.

Regards,
Bill Herrin


-- 
For hire. https://bill.herrin.us/resume/


More information about the NANOG mailing list