SpeedXess DSL Router Uses Common Default Password
|
|
SecurityTracker Alert ID: 1002899 |
|
SecurityTracker URL: http://securitytracker.com/id/1002899
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Dec 4 2001
|
Impact:
Modification of system information
|
|
Version(s): HASE-120(IPOA Router); Firmware Version HASE-120-1101
|
Description:
A default configuration vulnerability was reported in the Hyundai Networks SpeedXess DSL Router. A remote user can access the router if the common default password has not been changed.
The SpeedXess HASE-120 ADSL Router uses a common default password that can be readily guessed by remote users. The default password is reported to be "speedxess".
|
Impact:
A remote user can access the router and change the router's configuration settings if the common default password has not been changed.
|
Solution:
Be sure to change the default password.
|
Vendor URL: english.speedxess.net/product/residence/HASE-120.html (Links to External Site)
|
Cause:
Configuration error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: 4 Dec 2001 03:25:18 -0000
Subject: SpeedXess HASE-120 router default password
|
SpeedXess HASE-120(IPOA Router) Default
password vulnerability
by Secret (sale2001@orgio.net)
(WOWHACKER: http://www.wowhacker.com)
-=Content=-
Too many routers are exposed to default password
problem, so I write this for the security of router. This
is not for attack but security. I came to know many
company use SpeedXess HASE-120 router, but they
don't seem to be aware of this problem, or don't care.
I happened to connect SpeedXess HASE-120 router
one day. SpeedXess Hase-120 may be one of most
routers ISPs supply. I could guess the default
password easily. But they don't seem to care
because the router is not considered as important. If
you use default password of SpeedXess Hase-120
router, change it now.
[exploit]:
The default password is easy for you to guess. Look
at the text logo! And guess! The password
is "speedxess".
telnet Target
(target: speedxess hase-120 router address)
##### # #
# # ##### ###### ###### ##### # #
###### #### ####
# # # # # # # # # # # #
##### # # ##### ##### # # # #####
#### ####
# ##### # # # # # # # # #
# # # # # # # # # # # # # #
##### # ###### ###### ##### # #
###### #### ####
# # # ##### ####### # #### ###
# # # # # # # ## # # # #
# # # # # # # # # # #
####### # # ##### ###### ##### # ####
# #
# # ####### # # # # # #
# # # # # # # # # # #
# # # # ##### ####### ##### ######
###
SpeedXess HASE-120(IPOA Router) Application
Start...
Welcome to HASE-120(IPOA Router) Management
Interface
Enter Password: <------ master password input :
speedxess
HASE-120(I) - Main Menu
[S] System
[A] Atm interface
[D] Dsl interface
[E] Ethernet interface
[I] IPOA interface
[R] Router
[X] eXit
Enter Selection: X
Do you want to exit? (Y)es, (N)o : YESSession End
Connection closed by foreign host.
[secret@secret:~]$
After connection, we can change the information
through system menu including router setting value.
[solution]:
1. connect to your router.
2. Put "S"
HASE-120(I) - Main Menu
[S] System
[A] Atm interface
[D] Dsl interface
[E] Ethernet interface
[I] IPOA interface
[R] Router
[X] eXit
Enter Selection: S
HASE-120(I) - Main Menu - System
Firmware Version HASE-120-1101
System Uptime(YYMMDDhhmmss) ??:??:??:??:??:??
Name of System Owned by Secret
Contact Name Secret Secure Lab
Location France
Ethernet Address 00:00:??:??:??:14
IP Address 211.xxx.xxx.xxx
Subnet Mask 255.255.255.xxx
[P] Password change
[F] Firmware upgrade
[S] Setting values
[R] Reset system
[I] rs-232 Interface
[A] ARP table
[X] eXit
Enter Selection:
3. Put "P" and then change the password.
Enter Selection: P
Enter New Password (up to 10 characters):
Re-enter New Password:
Recording Changes. This may take a while...Done
Password is changed successfully.
|
|
