Archive for February, 2014

Mitsubishi Energy Saving Data Collecting Server (EcoWebServer III) MES3-255C-EN Default Credentials

February 28, 2014

The Mitsubishi Energy Saving Data Collecting Server (EcoWebServer III) MES3-255C-EN uses several default credentials according to the manual. These require local access for the software and do not appear to work for the web server.

Enter the maintenance password (factory setting: ecopass) in the Password field, and click the [Change] button.

Writing the project via LAN
Select the [Write in this product via LAN.] radio button, and input the login ID and password for system administration in the [Login ID] and [Password] text boxes respectively.
(The default login ID and password are “ecoV” and “ecopass“.)

Reading the project via LAN
Select the [Read from this product via LAN.] radio button, and input the login ID and password for system administration in the [Login ID] and [Password] text boxes respectively.
(The default login ID and password are “ecoV” and “ecopass“.)

Checking the project via LAN
Select the [ Via Ethernet.] radio button, and input the login ID and passwordfor system administration in the [Login ID] and[Password] text boxes respectively.
(The default login ID and password are “ecoV” and “ecopass“.)

Changing the data acquisition login ID and password
The following describes the steps for changing the data acquisition login ID and password.
* The default data acquisition login ID and password are “guest” and “user“, respectively.
(The default system administration login ID and password are “ecoV” and “ecopass“, respectively.)

Advertisements

Dedicated Micros Eco Range 9/16 DVR Units Default Credentials

February 22, 2014

The Dedicated Micros Eco Range Eco 9 and Eco 16 DVR units contain several default passwords or unpassworded access according to the user manual.

Default PPP password

Once the remote computer has been configured to dial-up to the Eco, enter the PPP_Link2 IP address that was allocated to the port on the unit to make a remote dial up connection.
NOTE: The IP address used to dial in to the unit is the IP address used for PPP_Link2. The PPP IP address used in System Options->Network Settings->PPP Selection is the base PPP IP Address. The dial in address is one greater than this. Ie if the PPP IP address is defined as “10.0.0.1”, the PPP IP address required to connect to the unit is “10.0.0.2”.
The unit will request a username and password, as defined in the ‘profiles’ configuration file. The default settings are ‘username’ and ‘password’.

Installation / Menu System

User Password
A password can be set to prohibit unauthorised access to the menu systems. The default setting is Off.

Web Access

If a password has been configured it will be necessary to enter the Username and Password information to gain access to the unit. The default user name and password are dm and web.

Mitsubishi eWON COSY141 Web Interface Default Admin Credentials

February 21, 2014

The Mitsubishi eWON COSY141 installs with default admin credentials for the web interface according to the manual.

Configure the Cosy
a. Launch your internet browser and type the COSY’s LAN IP address into the address bar.
Note: Default username/password = adm

Trafficware ATMS.now Default Credentials

February 20, 2014

Trafficware’s ATMS.now contains a default account and credentials according to the manual.

Your system administrator should provide you with your user name and password. The installation assigns a
default user with a user-name “naztec” and password “naztec”, which could be retained for training and factory
upgrade purposes. It is recommended that this default login be removed for security and the system
administrator should provide a permanent, secure login for system updates and access.

“ATMS.now is an Advanced Traffic Management System (ATMS) capable of monitoring and controlling thousands of intersection controllers using state-of-the art architectures like TCP/IP and NTCIP.”

PIPS Technology AUTOPLATE Automatic License Plate Recognition (ALPR) Multiple Vulnerabilities

February 19, 2014

PIPS Technology AUTOPLATE is a license plate recognition system used by law enforcement (Shodan search) in stop light camera systems. “PIPS Technology ALPR processors are complete one-box processors for automatic licence plate recognition (ALPR).” By default these devices offer a telnet connection for management that does not require authentication!

They also have a series of default accounts and / or passwords:

Component – Account – Password
html – root – ?
pdb – wl_test – wl_test
ves – vesstore – vesstore
jpeg – ftp_boot – ftp_boot

With the html component credentials you can access the web server for information about the camera’s capture statistics:

http://1.2.3.4/cgiC/capture%20st$ats

Camera 1
fields: 1038585
images: 0
plates: 0
reads : 0
good : 0

Camera 2
fields: 1787601
images: 36781
plates: 5440
reads : 1283
good : 1269

Here is a partial log of what the command interface looks like:

Script started on Tue Nov 19 10:27:32 2013
df$ telnet 1.2.3.4
Trying 1.2.3.4…
Connected to 1.2.3.4.
Escape character is ‘^]’.

ATZ
P372 application Apr 13 2010 12:29:02
P372 Serial Number: 1234
pcb:1, vers:03, rel:x06, build:3145
RAM: 128M @ 128M EPROM: 512k
Flex vers: 16.0, capabilities 003f
Camera firmware: 4.34
362 epld vers: 13
ANPR enabled for: USA Louisiana
Operating system: C EXECUTIVE 3.3
eprom image checksum: 1408
application crc: 4714
current config crc: 1434
reference config crc: 1434
* Installed options: 00200018
* … Compact Flash
* … Basic VES with no security
* … USA Licenceplate recognition
* PIPS Technology AUTOPLATE ™ license plate recognition
* VES – (violation enforcement system)
>>system show
system
flex: flash;3722acyc.z16
exposure: mem:/expose.cnf
startup: mem:/startup.scr
time_server: 2.3.4.5
alt_time_server: 10.1.1.1
font8: flash;font_8.8k
font16: flash;font_16.32k
route: ves
access_list: mem:/access.txt
sntp_enable: 0x13
daytime_port: 0
time_zone: -6
time_poll: 300
sntp_latency: 1000
sntp_window: 200
sntp_debug: 0
sntp_max: 24
brownout: 125
powerdown: 5000
idle_time: 0
idle_mode: 0x7
plate_type: 1
plate_max: 120
plate_min: 50
t_enable: 0
t_period: 600
sio362_debug: 0
led_current: 7
ftp_debug: 0
tn_timeout: 600
access_debug: 0
cc_eds: 0
reload: 0
ping_mode: 1
ping_port: 10010
sysdump: 0
old_script: 1
* CMD:OK
>>active show
active
days:
start_1:
end_1:
start_2:
end_2:
enable: 0
debug: 0
* CMD:OK
>>client show
client
patch: 1
sum: 0
debug: 0
config: 0
threshold: 50
* CMD:OK

..

>>help
Available Commands are:
system
active
client
vf
jpeg
bmp
ves
anpr
log
pdb
capture
closeloop
trigger
ves diag
ves exc
html
mbip
mail
net
key
dump
show
set
clear
barcode
help
install
test
camera
ftp
reset
shutdown
exit
flash
flex
fs
encrypt
sleep
rtelnet
snap
trap
script
ping
jam
option
ata
cld
dir
ls
md
rd
rm
del
ren
cd
check
copy
cmp
type
cat
mkfs
partition
scan
creat
image
make
destroy
tail
gzip
gunzip
kermit
action
>>rtelnet
Require IP address and optional port parameters
>>trap show
not implemented
* CMD:ERROR 1
>>script show
cannot open script show on local disk
attempting to fetch script from server
script not found on server
* CMD:ERROR 1
>>ping
PING 1.2.3.4 (1.2.3.4): 56 data bytes
64 bytes from 1.2.3.4: icmp_seq=0 ttl=59 time=23 ms
64 bytes from 1.2.3.4: icmp_seq=1 ttl=59 time=32 ms
64 bytes from 1.2.3.4: icmp_seq=2 ttl=59 time=42 ms
64 bytes from 1.2.3.4: icmp_seq=3 ttl=59 time=31 ms

— 1.2.3.4 ping statistics —
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 14/54/42 ms
* CMD:OK
>>dir
mem:/
EVENT .OLD w—- 40790 bytes 19/11/2013 7:35:12
EVENT .LOG w—a 1706 bytes 19/11/2013 17:28:52
TIME .TXT w—a 11 bytes 19/11/2013 17:32:26
SYSTEM .INI w—a 4283 bytes 19/11/2013 7:35:20
EXPOSE .CNF w—a 190 bytes 4/05/2013 1:18:26
VES . w–d- dir 4/05/2013 1:19:06
OPENED . w—- 0 bytes 4/05/2013 1:19:10
SEQ . w—a 8 bytes 19/11/2013 17:31:10
ENTROPY .BIN w—a 112 bytes 19/11/2013 17:23:02
MONITOR .INI w—a 67 bytes 16/10/2013 15:33:56
ACCESS1 .DEF w—a 526 bytes 19/11/2013 17:20:54

10 files, 1 subdirectory. Total Disk Capacity: 2048 k, Total shown here: 46 k
* CMD:OK
>>type event.log
19-Nov-2013 07:35:12:(9) ( start), EVENT LOG START UP
19-Nov-2013 07:35:12:(6) ( start), trimming 23 lines from event log history
19-Nov-2013 07:35:12:(9) ( start), integrity: 40 seconds since last update
19-Nov-2013 07:35:12:(6) ( mon_temp), no temperature sensor
19-Nov-2013 07:35:12:(9) ( start), access control list not present
19-Nov-2013 07:35:12:(9) ( start), software options: 00200018
19-Nov-2013 07:35:16:(9) ( start), Hardware JPEG Chip 1 software option not present
19-Nov-2013 07:35:16:(9) ( start), Hardware JPEG Chip 2 software option not present
19-Nov-2013 07:35:17:(6) ( start), sync set to: 625
19-Nov-2013 07:35:17:(9) ( stream), Platform will not support streaming video
19-Nov-2013 07:35:17:(9) ( ves), Software options set are not compatable with encryption or context capture
19-Nov-2013 07:35:17:(9) ( vid_events), VIDEO: P372 twin video input process starting

..

>>cat system.ini
[net]
mask=255.255.255.224
bcast=192.200.200.255
gateway=1.2.3.1
script=mem:/net01.scr
speed=0

..

telnet> close
Connection closed.
df$ exit
exit

Script done on Tue Nov 19 10:33:06 2013

Pandora DVR Default Admin Mode Password

February 18, 2014

The Pandora DVR unit version 4.10 comes with a default password for the administrator mode according to the manual.

Administrator mode
To maintain the system and set the parameters the ADMINISTRATOR mode must be used.
Entering in the ADMINSTRATOR mode is password protected.
The factory defaults are as follows
The login is “administrator” and the password is “super”.19
It is strongly advised that you change the administrators password before normal usage of the DVROS (see Configuration of DVR).

Polycom SoundPoint IP 450 Web Configuration Utility Default User Password

February 17, 2014

The Polycom SoundPoint IP 450 phone uses a web configuration utility that has a default user password according to the manual.

To access the Web Configuration Utility for your phone:

The factory default password for a User is 123

S3 N1031 / N1072 Box IP Camera Web Interface Default Admin Credentials

February 16, 2014

The S3 N1031 (firmware V1.07_STD-1) and N1072 (firmware V1.01_STD-1) “box” IP cameras (Shodan search) contain a default web interface password.

user: 3sadmin
password: 27988303

Dedicated Micros Eco4 Default Unpassworded Access

February 15, 2014

The Dedicated Micros Eco4 multi-channel recording and playback device allows for complete access without credentials according to the manual.

By default, no Usernames and Passwords are required to access any of the various menus. Usernames and Passwords can however be added to regulate access to the Configuration and Viewer menus, refer to the ‘Display Settings-> User Accounts’ menu for information on establishing Usernames and Passwords.

Seon Explorer MX-HD DVR Default Password

February 14, 2014

The Seon Explorer MX-HD Basic and Plus Mobile DVR contains a default password according to the manual.

CAUTION: DVR Password Security
The default password is 11111111. For security purposes, Seon recommends that the user default login
and system settings passwords should be changed. Seon is not responsible if the password is lost or
forgotten.

seon