Hitron CGN3 Residential D3 WiFi Gateway Web Interface Default Credentials

November 1, 2015

The Hitron CGN3 Residential D3 WiFi Gateway installs with default administrator credentials according to the manual. But it isn’t clear if there are two different logins:

The CGN3’s default IP address and login credentials are as follows. For more information, see Login to the CGN3 on page 23.
IP Address
Username cusadmin
Password password

Enter the CGN3’s IP address (default in the URL bar. The Login screen displays.
Enter the Username and Password. The default login username is admin, and the default password is password


Palo Alto Networks Panorama VM Appliance Web Console Default Admin Credentials

October 31, 2015

According to the manual for the Palo Alto Networks Panorama VM Appliance 6.0:

Panorama provides centralized management and visibility of multiple Palo Alto Networks next-generation firewalls. It allows you to oversee all applications, users, and content traversing the network from one location, and then use this knowledge to create application enablement policies that protect and control the entire network. Using Panorama for centralized policy and device management increases operational efficiency in managing and maintaining a distributed network of firewalls.

The manual also shows that the appliance has a default admin password for the web console to manage the VM:

Access the console of the Panorama virtual appliance.
1. Select the Console tab on the ESX(i) server for the virtual Panorama. Press enter to access the login screen.
2. Enter the default username/password (admin/admin) to log in.
3. Enter configure to switch to configuration mode.

EFF identified dozens of license plate readers with insufficient security

October 30, 2015

The EFF identified dozens of license plate readers with insufficient security (and many with no protection at all). You can read the full article which mentions one of my blog posts with my research on the devices!

Independently, a researcher named Darius Freamon found that you could access the control panels via Telnet and generate statistics about plate captures. Building off Freamon’s work, a team of computer scientists at the University of Arizona dug further into the data and found vulnerable cameras in Washington, California, Texas, Oklahoma, Louisiana, Mississippi, Alabama, Florida, Virginia, Ohio, and Pennsylvania. The largest cluster was in southeastern Louisiana.

Monroe Electronics Model R189 One-Net Digital Emergency Alert System Encoder/Decoder Default Credentials

September 12, 2015

Monroe Electronics Model R189 One-Net Digital Emergency Alert System Encoder/Decoder aka DASDEC uses a web interface for device management. According to the manual it contains several default credentials:

4.1.1. Using a VGA monitor, keyboard, and mouse with a One-Net To configure the One-Net:
• Connect the VGA monitor, keyboard and mouse connected to the correct ports on the back of the One-Net.
• Then power up and wait for the One-Net to boot and become fully operational. Make sure the VGA monitor is powered on.
• You will be presented with a login prompt on the VGA monitor. Type in the user name of “root” (without parenthesis). The default password is “dasdec1“.

Wait for the desktop to fully launch. Once the desktop is ready, run the provided One-Net browser app by clicking the icon labeled One-Net Web Interface. This launches a browser, which will automatically access the One-Net web server Login page. Follow the instructions for Section 4.2 below for logging into the One-Net using the Web login page. Everything you will need to do to setup the One-Net for operation and remote network access will be available from within the Web interface. There is a built in administrative user (Admin) for the One-Net Web Interface. The default password for Admin is “dasdec

Web Server Login
When the One-Net successfully connects for a Web session, it will present the following page in the Web browser.
Type “Admin” (no quotes) as the default user name, and “dasdec” (again, without quotes) as the password. Press the left mouse button over the Login button. With the correct user name and password, the One-Net will login. If the user or password is incorrect, the One-Net will display a message indicating the problem. If the One-Net is left unattended for 10 minutes, it will automatically logout. A message indicating session timeout will be displayed on the login screen.


Sony Network Camera SNC-RH124 Web Interface Default Admin Credentials

September 11, 2015

The Sony Network Camera SNC-RH124 uses a web interface to access the camera feed and configure it. According to the manual and tested against a camera running firmware 1.34.00 it comes with default credentials:


Barix Streaming Client Multiple Vulnerabilities

September 10, 2015

The Barix Streaming Client is a product that “can deliver high quality branded audio in real time via the internet or a local network to an unlimited number of locations and gives the option for localized and targeted ad insertion too, all via live streaming.

It uses a web interface for device management. By default it does not require authentication and does not appear to allow you to set a user account just a password. Version B3.14 was tested and found to have additional problems!

Unauthenticated access –


You can manipulate streaming settings and change the audio the person hears –


Under Configuration -> Advanced Settings, the ‘User Agent’ field is not sanitized. Inserting script code triggers a POST request to /setup.cgi and updates the ‘S517’ parameter allowing for cross site scripting that renders on uifadvanced.html –



It also renders on /ixstatus.html –


The security settings that allow for a password –


You can also manually reboot the device or create a script that will continually reboot it –


SonoSite M-Turbo Ultrasound System Networked Interface Default Admin Credentials

August 25, 2015

The SonoSite M-Turbo Ultrasound System is a medical device that allows for network connectivity if configured. It has an interface with multiple user roles allowed and installs with default administrative credentials according to the manual.



Actiontec GT701D DSL Modem Web Interface Default Admin Credentials

August 24, 2015

Actiontec GT701D DSL modems use a web interface for device management. According to the manual they ship with default administrator credentials:

A login window appears. Enter the user name and password in the appropriate text boxes, then click OK.
! Note: The default user name is “admin.” The default password is “password.”

Barracuda Phone System Default Admin Credentials

July 22, 2015

The Barracuda Phone System is a telphony solution that comes with default credentials. The “Getting Started” guide shows the console uses defaults:

At the Administrative Console prompt login, enter the credentials: admin/admin

The next step of the guide shows they are used for the web interface too:

In a web browser, enter the Barracuda Phone System IP address, for example, type
Log in to the web interface by entering the credentials admin/admin.

Canon ImageFORMULA DR Series WU10 WI-FI Enabled Document Scanner Multiple Default Passwords

July 18, 2015

The Canon ImageFORMULA DR Series WU10 is a Wi-Fi enabled high-speed document scanner. According to the manual it comes with two defaults:

Default wireless password / security key:

Web Interface (over wireless) default admin credentials:



Get every new post delivered to your Inbox.

Join 808 other followers