Default passwords (from OEMs) for networked devices
Manufacturers of networking devices (e.g., routers, switches, firewalls) and network-capable devices (such as printers and multifunction devices) often build an HTTP service into them. This HTTP functionality lets you open a web-based graphical user interface (GUI) to configure and administer the device. For example, here are the web GUIs for configuring a Netgear GS108T switch and a Linksys WRT54G wireless router.
As you can see, there are multiple tabs and submenus available to let you tweak the configuration of the device to meet your needs and preferences.
Most manufacturers password-protect these interfaces as a simple measure to prevent access by intruders. The passwords the devices ship with are defaults, intended for out-of-the-box installation and configuration. The problem is that many device owners never bother to change these default original equipment manufacturer (OEM) passwords, and several websites exist that categorize and publish them (making them available to malicious and ethical hackers alike).
These default passwords are available on the websites listed below. Consequently, attackers can easily obtain them and log in to any device whose password has not been changed. In the best-case scenario, intruders will only want to piggy-back on your Internet connection. However, they could also try to carry out more nefarious attacks.
Cirt.net – contains a useful search function.
Phenoelit-us.org – at the time of writing, this list was last updated in October 2010, making it somewhat out of date.
Dopeman.org – last updated in 2004; it might be useful for obtaining passwords for older devices.
Open-sez.me – last updated in Aug. 2013.
RouterPasswords.com – search by manufacturer.