JSD42
just joined
Topic Author
Posts: 5
Joined: Fri Feb 18, 2022 7:42 pm

Stock config has no password and much worse no wifi password

Tue Feb 22, 2022 12:14 am

Hello,

Is this a joke? Your MikroTik devices like the Chateau series routers have no admin password or wifi password at stock config.

You have to change the admin password fast and disable the wifi until you have also secured it with a password.

But there is enough time for an attacker. After a reset I always check whether the logs show any login other than from my computer.

Every serious router manufacturer (for example AVM) has a secure router and wifi password by default.

Please fix it with newer firmwares.

Best regards

JSD42
 
bpwl
Forum Guru
Posts: 2993
Joined: Mon Apr 08, 2019 1:16 am

Re: Stock config has no password and much worse no wifi password

Tue Feb 22, 2022 12:51 am

So you prefer the documented default password? What did you gain? The information is on the manufacturer's website, in all manuals, in all wikis and fora.
The information is preset in every hacking tool. You will have to look it up, because you forgot it. https://www.192-168-1-1-ip.co/avm/routers/215/

Set your passwords before you connect the device to any network. Where is that attacker now? Next to you? Waiting for someone to initiate a new device? For quite some devices the wifi is the only way in with the default configuration. The hacker could have changed the password before you can get in. He may have opened your box before you (and enabled protected RouterBOOT).

Cube60 (wireless wire pair) has the passwords generated and printed on the device because they are matched. I absolutely hate this as an implementer. That label must be removed for security reasons (it's an outdoor unit), and then someone had to do a hard reset... where is that information now?
 
JSD42
just joined
Topic Author
Posts: 5
Joined: Fri Feb 18, 2022 7:42 pm

Re: Stock config has no password and much worse no wifi password

Tue Feb 22, 2022 1:06 am

I prefer a preinstalled secure default password for router access and wifi, AVM is delivering it for example printed on a card, you can lock this card if you want or destroy it and store the password in an encrypted vault.

Especially open wifi is a big security breach. These Chateau routers have ethernet ports. There is no need for open wifi.
 
fragtion
Member Candidate
Posts: 259
Joined: Fri Nov 13, 2009 10:08 pm
Location: Johannesburg, South Africa

Re: Stock config has no password and much worse no wifi password

Tue Feb 22, 2022 1:14 am

> Hello,
>
> is this a joke?

No. But I'm sure there are other options on the market which put more emphasis on doing all of the thinking for the person responsible for configuration, or appeasing paranoia by replacing a blank password with one just as easily guessed, which you are free to use instead if you have those requirements (or wish to be so sarcastic/dogmatic).

Suffice it to say that you're supposed to ensure that your router is secured before exposing it to a vulnerable environment. It's nice that you think every authentication prompt should include two-factor authentication with an enforced biometric scan, or even that each router should come with a unique randomized password printed on a label on the underside. And yes, there may well be merits to such suggestions... But they're also going to slow the rest of us down if implemented... and what do you know? Spoon feeding isn't for everyone after all.
 
404Network
Member Candidate
Posts: 285
Joined: Wed Feb 16, 2022 2:04 pm

Re: Stock config has no password and much worse no wifi password

Tue Feb 22, 2022 2:43 am

If you are hacked when using any new appliance then the egg is on your face for having opened the router to the public before or while configuring.
Rule of thumb: don't connect to the WWW until the router is properly set up.
 
JSD42
just joined
Topic Author
Posts: 5
Joined: Fri Feb 18, 2022 7:42 pm

Re: Stock config has no password and much worse no wifi password

Tue Feb 22, 2022 11:35 am

Yep, you are all right, no admin password and no wifi password isn't a big hole :lol: .

OpenWrt, for example, has wifi deactivated by default, because there is no wifi password set.
 
bpwl
Forum Guru
Posts: 2993
Joined: Mon Apr 08, 2019 1:16 am

Re: Stock config has no password and much worse no wifi password

Tue Feb 22, 2022 12:36 pm

RouterOS does not start up differently for different devices. And for all devices with just one ethernet port (wAP, cAP, mAP, SXT, ...) the wifi must be started, or one will never get in after reset. Because in the default ROS setting the first ethernet port is set to WAN level access, denying all incoming traffic. (So it is safe to plug it in before one has set the proper protection.)

And with a Hotspot in many cases the wifi is just open for the Hotspot service.
 
Hominidae
Member
Posts: 309
Joined: Thu Oct 19, 2017 12:50 am

Re: Stock config has no password and much worse no wifi password

Tue Feb 22, 2022 12:53 pm

> If you are hacked when using any new appliance then the egg is on your face for having opened the router to the public before or while configuring.

Actually you cannot help that with a CHR, can you?
AFAIR dhcp-client is active on ether1 by default and I personally had the bots in on some occasions, before I could either drop ether1 or change the default admin user/pwd.
Well, only a nuisance as well, since by using the VPS/Root-Server Control Panel CLI you can safely redo from scratch but still....
 
aesmith
Member Candidate
Posts: 264
Joined: Wed Mar 27, 2019 6:43 pm

Re: Stock config has no password and much worse no wifi password

Tue Feb 22, 2022 5:35 pm

> Actually you cannot help that with a CHR, can you?

CHR can be configured from the console without any network connections in place.
 
JSD42
just joined
Topic Author
Posts: 5
Joined: Fri Feb 18, 2022 7:42 pm

Re: Stock config has no password and much worse no wifi password

Tue Feb 22, 2022 5:40 pm

@Hominidae

Any change by other users should be visible in the log, but I think an intruder could remove it very fast; besides, I saw a no-log option for executions (log=no log) yesterday.

I also noticed a script execution after reset. But no user or script name. I think it's the MikroTik reset script. This open wifi scared me a lot. Automated bots could exploit this breach very fast.
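
The post-reset log check discussed in this thread, as an added example that is not part of any poster's message: it flags every login or failed attempt that did not come from the administrator's own address. The log line wording is an assumed format, the sample lines and addresses are constructed, and `unexpected_logins` and `normalise` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample lines; the "account"-style wording is an assumed log format.
SAMPLE_LOG = """\
00:00:41 system,info,account user admin logged in from 192.168.88.254 via winbox
00:01:10 system,info,account user admin logged in from 192.168.88.17 via ssh
00:01:55 system,error,critical login failure for user admin from 192.168.88.17 via ssh
00:02:30 system,info,account user admin logged out from 192.168.88.254 via winbox
00:03:02 system,info,account user admin logged in from 02:00:00:00:00:01 via winbox
00:03:40 script,info reset complete
"""

# Matches successful logins and failed attempts; logouts are ignored.
EVENT = re.compile(
    r"(?:user (?P<ok>\S+) logged in|login failure for user (?P<bad>\S+))"
    r" from (?P<src>\S+) via (?P<svc>\S+)"
)


def normalise(src):
    """Canonical form for an IP address; MAC addresses are upper-cased."""
    try:
        return str(ipaddress.ip_address(src))
    except ValueError:
        return src.upper()


def unexpected_logins(log_text, trusted):
    """Return (time, event, user, source, service) for every login or failed
    attempt whose source is not one of the administrator's own addresses."""
    trusted = {normalise(t) for t in trusted}
    findings = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        src = normalise(m.group("src"))
        if src in trusted:
            continue
        event = "login" if m.group("ok") else "failure"
        user = m.group("ok") or m.group("bad")
        findings.append((line.split()[0], event, user, src, m.group("svc")))
    return findings


if __name__ == "__main__":
    for finding in unexpected_logins(SAMPLE_LOG, {"192.168.88.254"}):
        print(finding)
```

The result is only as trustworthy as the log it reads: an empty list from a log that an intruder has already cleared proves nothing.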
 
Septud
just joined
Posts: 1
Joined: Tue Jan 10, 2023 7:18 pm

Re: Stock config has no password and much worse no wifi password

Tue Jan 10, 2023 7:51 pm

> So you prefer the documented default password? What did you gain? The information is on the manufacturer's website, in all manuals, in all wikis and fora.
> The information is preset in every hacking tool. You will have to look it up, because you forgot it. https://www.192-168-1-1-ip.co/avm/routers/215/
>
> Set your passwords before you connect the device to any network. Where is that attacker now? Next to you? Waiting for someone to initiate a new device? For quite some devices the wifi is the only way in with the default configuration. The hacker could have changed the password before you can get in. He may have opened your box before you (and enabled protected RouterBOOT).
>
> Cube60 (wireless wire pair) has the passwords generated and printed on the device because they are matched. I absolutely hate this as an implementer. That label must be removed for security reasons (it's an outdoor unit), and then someone had to do a hard reset... where is that information now?

Thanks. But apart from the link that you mentioned, this link also helped me.
