September 12, 2015
Monroe Electronics Model R189 One-Net Digital Emergency Alert System Encoder/Decoder aka DASDEC uses a web interface for device management. According to the manual it contains several default credentials:
4.1.1. Using a VGA monitor, keyboard, and mouse with a One-Net To configure the One-Net:
• Connect the VGA monitor, keyboard and mouse connected to the correct ports on the back of the One-Net.
• Then power up and wait for the One-Net to boot and become fully operational. Make sure the VGA monitor is powered on.
• You will be presented with a login prompt on the VGA monitor. Type in the user name of “root” (without parenthesis). The default password is “dasdec1“.
Wait for the desktop to fully launch. Once the desktop is ready, run the provided One-Net browser app by clicking the icon labeled One-Net Web Interface. This launches a browser, which will automatically access the One-Net web server Login page. Follow the instructions for Section 4.2 below for logging into the One-Net using the Web login page. Everything you will need to do to setup the One-Net for operation and remote network access will be available from within the Web interface. There is a built in administrative user (Admin) for the One-Net Web Interface. The default password for Admin is “dasdec”
Web Server Login
When the One-Net successfully connects for a Web session, it will present the following page in the Web browser.
Type “Admin” (no quotes) as the default user name, and “dasdec” (again, without quotes) as the password. Press the left mouse button over the Login button. With the correct user name and password, the One-Net will login. If the user or password is incorrect, the One-Net will display a message indicating the problem. If the One-Net is left unattended for 10 minutes, it will automatically logout. A message indicating session timeout will be displayed on the login screen.
September 11, 2015
The Sony Network Camera SNC-RH124 uses a web interface to access the camera feed and configure it. According to the manual and tested against a camera running firmware 1.34.00 it comes with default credentials:
September 10, 2015
The Barix Streaming Client is a product that “can deliver high quality branded audio in real time via the internet or a local network to an unlimited number of locations and gives the option for localized and targeted ad insertion too, all via live streaming.”
It uses a web interface for device management. By default it does not require authentication and does not appear to allow you to set a user account just a password. Version B3.14 was tested and found to have additional problems!
Unauthenticated access –
You can manipulate streaming settings and change the audio the person hears –
Under Configuration -> Advanced Settings, the ‘User Agent’ field is not sanitized. Inserting script code triggers a POST request to /setup.cgi and updates the ‘S517’ parameter allowing for cross site scripting that renders on uifadvanced.html –
It also renders on /ixstatus.html –
The security settings that allow for a password –
You can also manually reboot the device or create a script that will continually reboot it –
August 25, 2015
The SonoSite M-Turbo Ultrasound System is a medical device that allows for network connectivity if configured. It has an interface with multiple user roles allowed and installs with default administrative credentials according to the manual.
August 24, 2015
Actiontec GT701D DSL modems use a web interface for device management. According to the manual they ship with default administrator credentials:
A login window appears. Enter the user name and password in the appropriate text boxes, then click OK.
! Note: The default user name is “admin.” The default password is “password.”
July 22, 2015
The Barracuda Phone System is a telphony solution that comes with default credentials. The “Getting Started” guide shows the console uses defaults:
At the Administrative Console prompt login, enter the credentials: admin/admin
The next step of the guide shows they are used for the web interface too:
In a web browser, enter the Barracuda Phone System IP address, for example, type http://192.168.200.200
Log in to the web interface by entering the credentials admin/admin.
July 18, 2015
The Canon ImageFORMULA DR Series WU10 is a Wi-Fi enabled high-speed document scanner. According to the manual it comes with two defaults:
Default wireless password / security key:
Web Interface (over wireless) default admin credentials:
July 17, 2015
The Motorola VT2542 Voice Gateway router uses a web interface for device management. According to the manual it comes with default admin credentials:
July 16, 2015
The ALCATEL ONETOUCH MiFi Y580 Wireless Hotspot Router uses a web interface for device management. According to the manual it has a default admin password:
2.1 login the configuration page
Open the browser, and then input the address http://192.168.1.1. The page displayed
The default login password is admin.
July 15, 2015
Panasonic Network Cameras (Models WV-SW598, WV-SW397A, WV-SW397, WV-SC588 and WV-SC387) allow for network access to control and monitor them. According to the manual they come with default admin credentials:
• It is possible to enhance the network security by encrypting the access to cameras using the HTTPS function.
Refer to the Operating instructions on the provided CD-ROM for how to configure the HTTPS settings
• Click the [Setup] button on the “Live” page, the user authentication window will be displayed. Enter the default
user name and password as follows, and log in.
User name: admin