TUCoPS :: Network Appliances :: a6154.htm

NB 1300 modem/router password remotely accessible
16th Apr 2003 [SBWID-6154]

	NB 1300 modem/router password remotely accessible


	NB 1300 modem/router, all known firwmare versions


	denote [denote(at)freemail(dot)com(dot)au] found following:
	The NB1300 has by default the ftp server (VxWorks  (5.4.1))  exposed  to
	the WAN interface. The default password is  often  not  changed  by  the
	User: admin Password: password
	When connection is made to the ftp server the routers core system  Files
	are exposed to the admin account. Perform a simple "get config.reg"  and
	the username and password Of the account are given in clear text.
	1. The username and password may be used to  access  the  users  Account
	details, collect their email, use the data available to them Etc...
	2. (untested) The  system  files  of  the  VxWorks  (5.4.1)  OS  may  be
	modified or deleted to impact a  denial  of  service,  rendering  device


	disable the ftp WAN access and/or change Admin account details.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH