CERT issued a warning on Tuesday over a vulnerability in DSL routers that contained the same hard-coded credentials.
The routers, sold primarily by foreign companies, contain hard-coded credentials used in the devices' telnet service, CERT wrote. Impacted vendors include AsusTek Computer Inc., DIGICOM, Observa Telecom, Philippine Long Distance Telephone and ZTE Corporation.
Although ZTE Corporation's router, ZTE ZXV10 W300, had its vulnerability disclosed earlier this year, researchers and CERT weren't aware it impacted other devices. The Observa Telecom RTA01N router vulnerability was also disclosed earlier this year.
Affected devices use the password “XXXXairocon,” but the four x's are replaced with the last four characters of a device's MAC address. This address can be obtained over SNMP with community string “public,” CERT wrote.
The government agency recommends both enabling firewall rules so the “telnet service of the device is not accessible to untrusted sources,” and so SNMP is blocked on the device.