The "XXXXairocon" password can give you access to the admin interface of the affected DSL WiFi routers

Aug 27, 2015 09:16 GMT

A still unpatched security vulnerability can give attackers administrative access to several DSL SOHO (small office / home office) WiFi routers that ship with a predictable default login scheme.

First reported at the end of May by a group of researchers from the European University of Madrid, who also disclosed several other issues, the vulnerability most likely stems from a common firmware shared by all of the affected devices.

According to CERT, there are five home-use WiFi routers with this problem:

Affected DSL WiFi routers (vendor: router)

1. AsusTek Computer Inc.: Asus DSL-N12E
2. DIGICOM: DIGICOM DG-5624T
3. Observa Telecom: Observa Telecom RTA01N
4. Philippine Long Distance Telephone: PLDT SpeedSurf 504AN
5. ZTE Corporation: ZTE ZXV10 W300 (prior to version 2.1.0)

According to the researchers' findings, all of these devices grant administrative control over the router through a hard-coded login scheme.

Using the "admin" username on the Asus, DIGICOM, Observa Telecom, and ZTE devices, and "adminpldt" on the Philippine Long Distance Telephone (PLDT) router, an attacker could authenticate to the routers' admin interfaces with a password that follows a common, predictable pattern.

All affected devices share a similar type of default login credentials

The password scheme is "XXXXairocon", where XXXX represents the last four hexadecimal digits of the router's MAC (physical) address, which is usually displayed as six groups of two hexadecimal characters in the form "XX-XX-XX-XX-XX-XX".

Since obtaining a router's MAC address is trivial for anyone with basic technical skill, the scheme lets anyone derive the admin password for these devices.
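As an added example (not code from the article or the researchers), the following audit check lets an administrator verify whether a router's configured admin password still follows the predictable "XXXXairocon" scheme described above. The MAC notations accepted and the case-insensitive comparison of the hex part are assumptions, not details stated in the article.

```python
import re

# Constant suffix of the predictable default password described in the article.
AIROCON_SUFFIX = "airocon"


def normalize_mac(mac: str) -> str:
    """Return the 12 hex characters of a MAC address, upper-cased.

    Accepts the common notations "XX-XX-XX-XX-XX-XX", "XX:XX:XX:XX:XX:XX",
    "XXXX.XXXX.XXXX" or 12 bare hex characters (assumption: the article only
    shows the dash form). Raises ValueError for anything else.
    """
    hexchars = re.sub(r"[-:.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", hexchars):
        raise ValueError(f"not a MAC address: {mac!r}")
    return hexchars.upper()


def is_mac_derived_default(mac: str, password: str) -> bool:
    """True if `password` is the MAC-derived default the article describes:
    the last four hex characters of the MAC followed by "airocon".

    The hex part is compared case-insensitively (assumption: firmware may
    print the MAC in either case); the "airocon" suffix must match exactly.
    """
    mac_tail = normalize_mac(mac)[-4:]
    if len(password) != 4 + len(AIROCON_SUFFIX):
        return False
    head, tail = password[:4], password[4:]
    return head.upper() == mac_tail and tail == AIROCON_SUFFIX


def audit_router(mac: str, password: str) -> str:
    """One-line verdict for an admin-password audit of a single router."""
    if is_mac_derived_default(mac, password):
        return "WEAK: admin password is the predictable MAC-derived default; change it"
    return "OK: admin password does not follow the known default scheme"


if __name__ == "__main__":
    # Constructed sample values, not a real device.
    sample_mac = "00-11-22-33-AB-CD"
    print(audit_router(sample_mac, "ABCDairocon"))
    print(audit_router(sample_mac, "correct horse battery staple"))
```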

According to Jose Antonio Rodriguez Garcia, one of the Spanish security researchers, "all routers have been physically tested" as part of their dissertation and all vendors have been informed of their device's vulnerability.

Other security vulnerabilities uncovered during their research include privilege escalation, CSRF, XSS, DoS, authentication bypasses, and many others, but these affect other devices.
