[ALUG] Cisco RV110W - RV215W - CVR100W - Bypass Login Page

Andreas Tauscher ta at geuka.net
Fri Mar 7 14:34:29 EAT 2014


> How on earth does that kind of mistake still happen?

This is even more worse: Even if you change the password or the admin
name it is enclosed in the login page HTML code.
For what reason they are there: Nobody knows. There is absolutely no
reason for something like this.
Unbelievable is the time Cisco needed to release a fixed firmware. This
problem was reported to Cisco last year!

> I also notice that 50% of public Wi-Fi routers have the default password
> unchanged, though. Or are set to the network name...

The management interface is reachable from the internet, UPNP is by
default enabled, DNS resolvers are open etc. Real freak show.
This SoHo plastic bombs are often a real time bombs for you.


More information about the Linux mailing list