Samsung ADSL Modem Multiple Default Accounts

2005-03-21T00:13:26
ID OSVDB:15023
Type osvdb
Reporter OSVDB
Modified 2005-03-21T00:13:26

Description

Vulnerability Description

By default, the Samsung ADSL Modem installs with a default password. The following account/password pairs are publicly known and documented. This allows attackers to trivially access the program or system.

root/root admin/admin user/user

Short Description

By default, the Samsung ADSL Modem installs with a default password. The following account/password pairs are publicly known and documented. This allows attackers to trivially access the program or system.

root/root admin/admin user/user

Manual Testing Notes

http://[host]/cgi-bin/adsl.cgi

or

telnet [victim] 23

References:

Vendor URL: http://www.samsung.com/ Security Tracker: 1013615 Related OSVDB ID: 15022 Other Advisory URL: http://exploitlabs.com/files/advisories/EXPL-A-2005-002-samsung-adsl.txt Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-03/0653.html Keyword: EXPL-A-2005-002 CVE-2005-0865 Bugtraq ID: 12864