This topic contains 1 reply, has 2 voices, and was last updated by sephstorm 1 month, 2 weeks ago.
- March 2, 2021 at 7:18 am #368309
i can’t disclose info about it…. so here is a brief words about it .. due to the lack of authentication verifying in some pages which results in PPPoe username leak & wifi password leak ( in addition to the ability of modifying them) ….. that wouldn’t be a big deal if it wasn’t to the practices of the ISPs they contract with & supply devices to. as one of them that supplies that product to customers tends to have two management accounts in the device one with user privileges printed on the back of the device and the other with admin privileges with the PPPoe username as password
so as expected any leak of the pppoe username which happens that you can’t find it anywhere other than the router configuration page … leads to access of an admin account that mostly the users/customers/owners don’t know about.
and to the surprise, you can found about more than 1K of that device remotely accessible on shodan
they know and i have mentioned the ISP stuff … but the shodan part.
the device has somewhat good specs which would make it a decent addition to someone bot net.
So am i overstatement & should remove this post and take the bounty and shut the F up or what ?
- March 2, 2021 at 7:18 am #368310
Send it to someone who knows how to get the word out. Or just accept it, your choice.
- March 2, 2021 at 7:18 am #368311
if you’re in the US and this is your normal Reddit account I’d nuke the post now smile and go on your way. if your in another more civilized country and the company is in the US laugh and nod.
You must be logged in to reply to this topic.