Doug Vitale Tech Blog

Default passwords (from OEMs) for networked devices

The manufacturers of networking devices (i.e., routers, switches, firewalls) and network-capable devices (such as printers and multifunction devices) often include built-in HTTP services that run on them. This HTTP functionality allows you to open web-based graphical user interfaces (GUIs) for the purpose of configuring and administering the devices. For example, here are the web GUIs for configuring a Netgear GS108T switch and a Linksys WRT54G wireless router.

Netgear GS108T configuration

Netgear GS108T administrative interface

Linksys web configuration

Linksys WRT54G wireless router web configuration

As you can see, there are multiple tabs and submenus available to let you tweak the configuration of the device to meet your needs and preferences.

Most manufacturers password-protect these interfaces as a simple measure to prevent access by intruders. These default passwords are intended for out-of-the-box installation and configuration. The problem is that many device owners never bother to change these default original equipment manufacturer (OEM) passwords, and several websites exist that categorize and publish them (making them available to malicious and ethical hackers alike).

These default passwords are available on the websites listed below. Consequently, attackers can easily obtain them and log in to any devices whose passwords have not been changed. In the best case scenario, intruders will only want to piggy-back on your Internet connection. However, they could also try to carry out more nefarious attacks.

Cirt.net – contains a useful search function.

Phenoelit-us.org – at the time of writing this list was last updated in October 2010, making it somewhat out-of-date.

Dopeman.org – last updated in 2004, it might be useful for obtaining passwords for older devices.

Open-sez.me – last updated in Aug. 2013.

RouterPasswords.com – search by manufacturer.

Security Override

PortForward.com

Others include DefaultPassword.com, Default-Password.info, and Virus.org.

Recommended reading

If you found the content of this article helpful and want to expand your knowledge further, please consider buying a relevant book using the links below. Thanks!

Perfect Password: Selection, Protection, Authentication on Amazon Perfect Passwords  Basics of Hacking and Pen Testing Basics of Hacking and Pen Testing

Hacking: The Art of Exploitation on Amazon Hacking: The Art of Exploitation Gray Hat Hacking on Amazon Gray Hat Hacking

About these ads

Written by Doug Vitale

December 1, 2011 at 11:26 AM

%d bloggers like this: