Wi-Fi routers vulnerable to remote hacking due to hard-coded admin credentials
A group of researchers has discovered that they could remotely log into some Wi-Fi routers using a hard-coded default administrator login. This as-yet-unpatched security vulnerability can give attackers access to a few DSL and SOHO (small office / home office) Wi-Fi routers that use this default login scheme.
The researchers, from the European University of Madrid, disclosed this vulnerability in May 2015 along with several other security vulnerabilities in other devices, including privilege escalation, CSRF, XSS, DoS, and authentication bypasses. According to an alert issued Tuesday by the CERT Coordination Center (CERT/CC) at Carnegie Mellon University, the affected device models are:
- ASUS DSL-N12E,
- DIGICOM DG-5524T,
- Observa Telecom RTA01N,
- Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN and
- ZTE ZXV10 W300.
According to the researchers’ findings, all of these devices grant administrative control over the router through a hard-coded login scheme. Using the “admin” username for the Asus, DIGICOM, Observa Telecom, and ZTE devices, and “adminpldt” for the Philippine Long Distance Telephone (PLDT) router, a hacker could easily authenticate himself on the Wi-Fi stations using a common password.
The password scheme is “XXXXairocon”, where XXXX represents the last four digits of the router’s MAC (physical) address, which consoles usually present as six groups of two hexadecimal characters in the form “XX-XX-XX-XX-XX-XX”.
Since getting hold of a router’s MAC address is a trivial task for any technically skilled person, this would allow anyone to guess the admin passwords for those devices. Since the hard-coded password has the same format on all of the devices mentioned, the firmware for all of the above routers seems to have been manufactured by the same company.