Yondoo provided router, has "password" as admin pw, won't let us change it
Eric Kuhnke
eric.kuhnke at gmail.com
Thu Feb 9 00:57:30 UTC 2023
I agree, but if we start listing every massive security vulnerability that
can be found on the intra-home LAN in consumer-grade routers and home
electronics equipment, or things that people operate in their homes with
the factory-default passwords, we'd be here all month in a thread with 300
emails.
I'm sure this ISP will realize what a silly thing they did if and when some
sort of worm or trojan tries a set of default logins/passwords on whatever
is the default gateway of the infected PC, and does something like rewrite
the IPs entered for DNS servers to send peoples' web browsing to
advertising for porn/casinos/scams, male anatomy enlargement services or
something.
On Wed, Feb 8, 2023 at 3:28 PM William Herrin <bill at herrin.us> wrote:
> On Wed, Feb 8, 2023 at 2:36 PM Eric Kuhnke <eric.kuhnke at gmail.com> wrote:
> > I would hope that this router's admin "password" interface is only
> accessible from the LAN side.
> > This is bad, yes, but not utterly catastrophic.
>
> It means that any compromised device on the LAN can access the router
> with whatever permissions the password grants. While there are
> certainly worse security vulnerabilities, I'm reluctant to describe
> this one as less than catastrophic. Where there's one grossly ignorant
> security vulnerability there are usually hundreds.
>
> Regards,
> Bill Herrin
>
>
> --
> For hire. https://bill.herrin.us/resume/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20230208/0f5d0709/attachment.html>
More information about the NANOG
mailing list