| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 13 Oct 2012 21:50:07 +0800 (SGT) From: Nursyafiq Mohamad <izecson_k22@...oo.com.my> To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: P1 WiMAX modems port 80 open with default login P1 Networks is the first company to launch commercial WiMAX services in Malaysia back in August 2008. Subscribers connect to the base station via a supplied modem. By default, the modem has its port 80 open to allow owner to access its admin interface from a web browser. Currently, the default configuration also allows anyone to access port 80 on the modem from the Internet. Additionally, most if not all the modems appear to use the same default login with "admin" as the username and "admin123" as the password. The range of IP address space for P1 Networks is 180.72.0.0 - 180.75.255.255 (max. 262144 hosts). By probing port 80 on these IP addresses using nmap, we can easily find and login into most of the active modems using the default login described earlier. 16048 active P1 modems (most using default login) as of October 13, 2012: http://pastebin.com/pkuNfSJF _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists