From: Secunia Security Advisories (sec-advsecunia.com)
Date: Mon Sep 06 2004 - 02:20:40 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Dynalink RTA230 Default Username and Password

SECUNIA ADVISORY ID:
SA12461

VERIFY ADVISORY:
http://secunia.com/advisories/12461/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Dynalink RTA230
http://secunia.com/product/3866/

DESCRIPTION:
fabio has reported a security issue in Dynalink RTA230, which can be
exploited by malicious people to gain control of a vulnerable
device.

The problem is that even when the administrative password has been
changed, a default account remains active. This can be exploited to
gain access using the following username/password combination:

Username: userNotUsed
Password: userNotU

Reportedly, the product listens on all interfaces by default.

SOLUTION:
Disable remote access.

Use another product.

PROVIDED AND/OR DISCOVERED BY:
fabio

ORIGINAL ADVISORY:
http://skaya.enix.org/wiki/BroadCom96345

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]