So you prefer the documented default password? What did you gain? The information is on the manufacturers website, in all manuals, in all wiki’s and fora.
The information is preset in every hacking tool. You will have to look it up, because you forgot it. https://www.192-168-1-1-ip.co/avm/routers/215/
Set your passwords before you connect the device to any network. Where is that attacker now? Next to you? Waiting for someone to initiate a new device? For quite some devices the wifi in the only way in with the default configuration. The hacker could have changed the password before you can get in. He may have opened your box before you (, and enabled protected Routerboot)
Cube60 (wireless wire pair) has the paswords generated and printed on the device because they are matched. I absolutly hate this as implementor. That label must be removed for security reasons (it’s an outdoor unit), and then someone had to do a hard-reset. … where is that information now ???
I prefer a preinstalled secure default password for router access and wifi, AVM is delivering it for example printed on a card, you can lock this card if you want or destroy it and store the password in an encrypted vault.
Especially open wifi is a big security breach. This Chateau routers have ethernet ports. There is no need for open wifi.
No. But I’m sure there are other options on the market which put more emphasis on doing all of the thinking for the person responsible for configuration, or appeasing paranoia by replacing a blank password with one just as easy guessed, which you are free to use instead if you have those requirements (or wish to be so sarcastic/dogmatic).
Suffice it to say that you’re supposed to ensure that your router is secured before exposing it to a vulnerable environment. It’s nice that you think every authentication prompt should include two-factor authentication with an enforced biometric scan, or even that each router should come with a unique randomized password printed on a label on the underside. And yes there may well be might be merits to such suggestions… But they’re also going to slow the rest of us down if implemented… and what do you know? Spoon feeding isn’t for everyone after all.
If you are hacked when using any new appliance then the egg is on your face for having opened the router to the public before or while configuring.
Rule of thumb dont connect to the WWW until the router is properly setup.
RouterOS does not start up differently for different devices. And for all devices with just one ethernet port (wAP, cAP, mAP, SXT, …) the wifi must be started, or one will never get in after reset. Because in the default ROS setting the first ethernet port is set to WAN level access, denying all incoming traffic. (So it is safe to plug it in before one did set the proper protection)
And with a Hotspot in many cases the wifi is just open for the Hotspot service.
Actually you cannot help that with a CHR, can’t you?
AFAIR dhcp-client is active on ether1 by default and I personally had the bots in at some occasions, before I could either drop ether1 or change the default admin user/pwd
Well, only a nuisance as well, since by using the VPS/Root-Server Control Panel CLI you can safely redo from scratch but still…
Any change by other users should be visible in the log, but i think an intruder could remove it very fast, otherwise i saw a no log option for executions (log=no log) yesterday.
I noticed also a script execution after reset. But no user or script name. I think it’s Mikrotik reset script. This open wifi scared me a lot. Automated bots could exploit this breach very fast.
.