Main » 2011 » Март » 16 » Yota egg vulnerability or a feature?
12:21
Yota egg vulnerability or a feature?
Did you know that in the Egg by Yota has a hidden (unnamed in the manual "," unknown 99% of users "- as you wish), admin interface, which allows more fine-tune the device and see detailed statistics?

Did you know that access to it is closed the same for all devices, a pair of login / password admin / admin?



How to spot a


My bandmate and friend Mofas from purely altruistic motives rassharivaet internet his Yota Egg for all around (for example, in the university cafeteria, for their classmates).

A few days ago, when the speed of the Internet has slipped to unacceptable tens of kbit / s, I decided to see whether this is due to the number of subkeys to the point or the signal level fell again.

Ping broadcast-address subnet eggs showed only two customers and one ip, which was clearly not the address of the router is not included in the client address pool:



Going to http://192.168.1.254 and entering a credit default admin / I got the admin access to all settings, the router without the knowledge of its owner, because he knew just about described in the user control panel Manuale http://192.168.1.1, password he has changed, following the same manual, immediately after purchase.

How so?


As it turned out (in principle, it was not a big secret) Yota Egg - a device the Korean company Interbro KWI B2200, in the administrative part of which I got.

Apparently, the original interface kwi b2200 Yota'vtsam seemed not too friendly for the average user (with the more difficult to argue), so they created their own admin
(and why should once again show the logo of the supplier?) describe its interface and settings in the manual, but here is change the password on the "real" control panel forgotten.

The following quote some screenshots (thanks, Mofas) panel from Yota and from Interbro:





Do not want negativity towards the company's Yota, but still want to warn users of this wonderful device from the vulnerability.

Should just go to a web browser to the address 192.168.1.254, enter the username / password admin / admin and under Management> Password change the password for a new one.
Views: 574 | Added by: w1zard | Rating: 0.0/0
Total comments: 0
Имя *:
Email *:
Код *: