nanog mailing list archives
Re: Yondoo provided router, has "password" as admin pw, won't let us change it
From: William Herrin <bill () herrin us>
Date: Wed, 8 Feb 2023 15:27:15 -0800
On Wed, Feb 8, 2023 at 2:36 PM Eric Kuhnke <eric.kuhnke () gmail com> wrote:
I would hope that this router's admin "password" interface is only accessible from the LAN side. This is bad, yes, but not utterly catastrophic.
It means that any compromised device on the LAN can access the router with whatever permissions the password grants. While there are certainly worse security vulnerabilities, I'm reluctant to describe this one as less than catastrophic. Where there's one grossly ignorant security vulnerability there are usually hundreds. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
Current thread:
- Yondoo provided router, has "password" as admin pw, won't let us change it TACACS Macaque via NANOG (Feb 08)
- Re: Yondoo provided router, has "password" as admin pw, won't let us change it Eric Kuhnke (Feb 08)
- Re: Yondoo provided router, has "password" as admin pw, won't let us change it William Herrin (Feb 08)
- Re: Yondoo provided router, has "password" as admin pw, won't let us change it Eric Kuhnke (Feb 08)
- Re: Yondoo provided router, has "password" as admin pw, won't let us change it Jason R. Rokeach via NANOG (Feb 08)
- Re: Yondoo provided router, has "password" as admin pw, won't let us change it Todd Stiers (Feb 09)
- Re: Yondoo provided router, has "password" as admin pw, won't let us change it Dave Taht (Feb 09)
- Re: Yondoo provided router, has "password" as admin pw, won't let us change it William Herrin (Feb 08)
- Re: Yondoo provided router, has "password" as admin pw, won't let us change it Eric Kuhnke (Feb 08)
- Re: Yondoo provided router, has "password" as admin pw, won't let us change it Collider (Feb 08)
- Message not available
- Yondoo provided router, has "password" as admin pw, won't let us change it TACACS Macaque via NANOG (Feb 09)