Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of password for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by leveraging access to the local network. NOTE: one or more users guides distributed by ISPs state At a minimum, you should set a login password.
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Arris_tg1682g_firmware | Commscope | 9.1.103j6 (including) | 9.1.103j6 (including) |
Developers often choose default values that leave the product as open and easy to use as possible out-of-the-box, under the assumption that the administrator can (or should) change the default value. However, this ease-of-use comes at a cost when the default is insecure and the administrator does not change it.