If you are using BSNL's ZTE ZXDSL 531B to surf the net, this post is for you.
If you have not bothered to change the admin password or the LAN IP of your modem, then you don't care enough - safely skip this post, as this critical bug will be just another jump of convenience over security for you.
I was fiddling with the TFTP implementation of the modem, which means I was trying to configure the modem from the command line using
telnet modem_ip 23
on my Ubuntu box. To my surprise, the user "user", which has limited rights of just uploading a new configuration file, could do everything an "admin" could do from the telnet session. I have reported the bug to ZTE. Hopefully, they should upgrade their firmware with the fix.
Those of you guys who changed the admin password but did not do the same with the "user" and "support" passwords - change them now.



