
Yota Egg: Vulnerability or feature?

Did you know that the Yota Egg has a hidden administrative interface (“not mentioned in the manual”, “unknown to 99% of users”, take your pick) that lets you configure the device in finer detail and view detailed statistics?

Did you know that access to it is protected by the same admin / admin login / password pair on every device?



How it was found


My classmate and friend Mofas, from purely altruistic motives, shares his Yota Egg's internet connection with everyone around him (for example, with his classmates in the university canteen).

The other day, when the internet speed dropped to an unacceptable few tens of kbps, I decided to check whether this was due to the number of people connected to the access point or whether the signal level had dropped again.

Pinging the broadcast address of the Egg subnet showed only two clients and one IP address that was clearly not the router's address and was not part of the client address pool:



By going to http://192.168.1.254 and entering the default admin / admin, I got access to all of the router's settings without its owner's knowledge: he knew only about the control panel described in the user manual, http://192.168.1.1, whose password he had changed immediately after purchase, following the instructions in that same manual.

How did that happen?


As it turned out (this was not really a big secret), the Yota Egg is the KWI B2200, a device made by the Korean company Interbro, and it was the KWI B2200's administrative interface that I had reached.

Apparently the original KWI B2200 interface seemed to Yota's people not friendly enough for the average user (it's hard to argue with that), so they created their own admin panel (and why show the supplier's logo yet again?) and described its interface and settings in the manual, but forgot to change the password to the “real” control panel.

Below are some screenshots (thanks, Mofas) of the control panel from Yota and from Interbro:





I by no means want to stir up negativity towards Yota, but I do want to warn users of this wonderful device about the vulnerability.

All you need to do is open 192.168.1.254 in a web browser, enter the admin / admin username / password, and change the password to a new one under Management → Password.
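The discovery step described above, written as a check an owner can run on their own device (an added example, not code from the original post): it parses broadcast-ping replies and flags any responder that is neither the documented panel address nor inside the DHCP client pool. The ping output and the pool range 192.168.1.2 to 192.168.1.20 are constructed assumptions; take the real range from the device's DHCP settings.

```python
import ipaddress
import re

# Constructed sample: replies to a broadcast ping on the Egg subnet (Linux "ping -b" format).
SAMPLE_PING_OUTPUT = """\
PING 192.168.1.255 (192.168.1.255) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=1.21 ms
64 bytes from 192.168.1.3: icmp_seq=1 ttl=64 time=2.48 ms (DUP!)
64 bytes from 192.168.1.2: icmp_seq=1 ttl=128 time=3.02 ms (DUP!)
64 bytes from 192.168.1.254: icmp_seq=1 ttl=64 time=3.97 ms (DUP!)
64 bytes from 192.168.1.254: icmp_seq=2 ttl=64 time=3.55 ms (DUP!)
"""

DOCUMENTED = {ipaddress.IPv4Address("192.168.1.1")}   # panel address from the user manual
POOL_FIRST = ipaddress.IPv4Address("192.168.1.2")     # assumed DHCP pool start
POOL_LAST = ipaddress.IPv4Address("192.168.1.20")     # assumed DHCP pool end

REPLY_RE = re.compile(r"bytes from (\d{1,3}(?:\.\d{1,3}){3})[:\s]")


def responders(ping_output):
    """Return the set of unique IPv4 addresses that answered the ping."""
    found = set()
    for line in ping_output.splitlines():
        match = REPLY_RE.search(line)
        if not match:
            continue
        try:
            found.add(ipaddress.IPv4Address(match.group(1)))
        except ipaddress.AddressValueError:
            continue  # malformed octets, e.g. 999.1.1.1
    return found


def audit(ping_output):
    """Sort responders into documented, pool clients and unexpected addresses."""
    report = {"documented": [], "pool_client": [], "unexpected": []}
    for addr in sorted(responders(ping_output)):
        if addr in DOCUMENTED:
            report["documented"].append(str(addr))
        elif POOL_FIRST <= addr <= POOL_LAST:
            report["pool_client"].append(str(addr))
        else:
            report["unexpected"].append(str(addr))  # review: possible extra management address
    return report


if __name__ == "__main__":
    for kind, addrs in audit(SAMPLE_PING_OUTPUT).items():
        print(f"{kind}: {', '.join(addrs) or '-'}")
```

Any address reported as unexpected deserves a look in the browser to confirm what is listening there and whether its password has been changed.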

Source: https://habr.com/ru/post/79395/

