VULHUB ™

It has been reported that the firmware shipped with the X-Micro 11b Broadband Router has built-in an administrative account that cannot be disabled. The account, username and password "super", appears to be a backdoor and may provide remote attackers possessing knowledge of the account with complete control over the device. According to the author of the report, the built-in administration webserver listens on both internal and external interfaces. Attackers may authenticate with the "super" account from outside of the LAN and gain control of the device through this web interface. Once authenticated, it is possible for attackers to install new firmware on the device. **It has been reported that version 1.6.0.1 of WLAN 11b Broadband Router also contains a built-in an administrative account that cannot be disabled. The account, username and password "1502", appears to be a backdoor and may provide remote attackers possessing knowledge of the account with complete control over the device.

It has been reported that the firmware shipped with the X-Micro 11b Broadband Router has built-in an administrative account that cannot be disabled. The account, username and password "super", appears to be a backdoor and may provide remote attackers possessing knowledge of the account with complete control over the device. According to the author of the report, the built-in administration webserver listens on both internal and external interfaces. Attackers may authenticate with the "super" account from outside of the LAN and gain control of the device through this web interface. Once authenticated, it is possible for attackers to install new firmware on the device. **It has been reported that version 1.6.0.1 of WLAN 11b Broadband Router also contains a built-in an administrative account that cannot be disabled. The account, username and password "1502", appears to be a backdoor and may provide remote attackers possessing knowledge of the account with complete control over the device.