Advanced Media Technologies (AMT) makes all kinds of products. While playing with Shodan, I ran across a couple of their devices by way of their web interfaces. The two I found use “Z-World Rabbit” for a server, so they are fairly easy to find:
HTTP/1.1 200 OK
Date: Wed, 12 Mar 1980 23:24:37 GMT
Server: Z-World Rabbit
Both devices I found have the same basic web interface and the same vulnerabilities. The first device was a PBN CPON-100 (product, data sheet) described as a “Customer Premises Optical Node for Fast Ethernet and CATV”. The second device is the PBN OSLAM-8G (product, data sheet) described as a “Optical Subscriber Line Access Multiplexer 8-Port Module”. By default neither have any kind of authentication to access them!
The main page, / or /index.zhtml shows the Internal IP of the gateway giving you the private IP space being used. It also shows application version, MAC address, serial number, BIOS version and uptime:
Without authenticating anyone can access /advanced.zhtml which lets you reboot the device or restore factory default settings: