Sunday, April 03, 2005

StreamyX's Gift: ZTE ZXDSL 831 modem

We found out long ago, perhaps sometime around last year or maybe 2 years ago, that when the StreamyX package came with a gift, a free modem, there would be a problem. Apparently, somehow, either the TM Net staff forgot to tell the customers or the customers themselves neglected the most important thing: the default settings for the modem. You see, the ZTE ZXDSL 831 modem's default settings allow HTTP access to the router's administration page through the WAN. That's alright though, but apparently most of the users never change the default password either. What does this mean? You have full access to their routers.

Well, it's not surprising that we're not the only ones who know this fact. Someone would eventually notice it. Someone did. Unlike us though, these guys are willingly stealing StreamyX passwords and using them for free SMS. Apparently, StreamyX users can use the SMS feature, where you send SMS through the web using your StreamyX account and it will be charged to the next bill. Too bad for all those ignorant people. As this involves RM aka MONEY, someone is going to get the heat. A lot of heat too, since such things are highly illegal.

I noticed as well that even the default StreamyX password given by TMNET was left unchanged. Don't ask me why, but StreamyX gives out a set of default passwords and it's really easy to try every one of them. Don't forget to change your SNMP string too. If you don't know what it is, you obviously need to learn quickly.

Default administration access to the modem mentioned above:
Username: ZXDSL or Username: ADSL
Password: ZXDSL or Password: expert03

*Echoing an administrator at Attrition.org: "Stay away from the computer if you do not know how to use it properly. Obviously it will harm you more than you harming it."

2 comments:

Adriel D.K said...

*Adriel was the first person to exploit its function, even though he did email Telekom about it. There was no reply, so Adriel guesses it is not illegal to access and check the StreamyX passwords :P

|^2Sane| said...

*lol* It's illegal under the law. Regardless of whether Telekom replied or not, the router's security falls under the user's provision and not under Telekom. In layman's terms, the users f*ck themselves up due to their ignorance.