Motorola cable modems ship with default login and password

motorola-cable-default-pass (2002) The risk level is classified as MediumMedium Risk

Description:

It is possible for a remote user to connect to port 1024 of Motorola Cable Modems and reconfigure the router using the default login and password (cablecom/router).


Consequences:

Gain Access

Remedy:

No remedy available as of September 1, 2014.

References:

  • BugTraq Mailing List, Sun, 10 May 1998 08:43:50 -0500: Security Vulnerability in Motorola CableRouters.
  • CVE-1999-0508: An account on a router, firewall, or other network device has a default, null, blank, or missing password.
  • CVE-1999-0571: A router's configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts.
  • CVE-1999-0816: The Motorola CableRouter allows any remote user to connect to and configure the router on port 1024.
  • OSVDB ID: 7298: Motorola CableRouter Unauthorized Remote Administration

Platforms Affected:

  • Motorola Motorola Cable Modems

Reported:

May 10, 1998

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page