Knock Knock. Who’s there? Admin. Come right in!

otonata dragonfly inspecting an open point of entry

TL;DR Summary:

Our Network Scan found that the client’s Linksys router still had factory-set admin credentials, allowing anyone nearby, or potentially online, to access its settings without breaking a sweat.

Client Profile

Client Mango Otter* is a technology thought leader who works from a sunny home studio filled with smart speakers, an iPad Pro, and a robot vacuum named “Jeff.” With most of their work and relaxation powered by Wi-Fi, a secure network is essential to their lifestyle.

Issues in Summary

Default Credentials Left the Door Wide Open

During a routine network scan, we identified that the Linksys router was accessible using its default login: admin/admin – an open invitation for digital intruders. This was confirmed on the router’s web interface running over port 80 (HTTP).

The scan flagged this as a High severity issue with a CVSS score of 9.8, which is about as critical as it gets. The finding comes from the test: HTTP Brute Force Logins With Default Credentials Reporting, which checks for easy-to-guess logins.

CVE-1999-0501 and CVE-2023-32645 (among others) highlight how devices with unchanged default credentials can be exploited quickly – even automated tools can find and abuse them.

Why is it dangerous?
  • Everyone knows “admin:admin” – it’s like leaving your front door key under the mat.
  • Attackers don’t need any special hacking skills – just patience and basic tools.
  • Once inside, they can change critical settings or monitor your traffic.
  • This kind of vulnerability appears in CISA’s Known Exploited Vulnerabilities (KEV) list, which means it’s actively used by bad actors.

What can attackers do?
  1. Access private settings and network info, including connected device details.
  2. Change DNS or firewall settings to redirect or spy on web traffic.
  3. Lock you out or install malicious firmware, effectively turning your router against you.

Fixes now and for later

Once notified, Mango Otter changed the default admin password to a strong, randomly generated one, cutting off this easy entry point immediately.

For the long term, we suggested a full review of all smart devices and encouraged setting up routine credential audits, especially on legacy hardware or anything installed “out of the box” without changes.
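One way to make a routine credential audit repeatable is to compare the default-credential findings of two scan runs, so a fix is confirmed and any newly installed device still on factory logins stands out. This is an added example, not part of the original write-up or the scanner's own tooling; the CSV column names, addresses and sample rows are constructed assumptions.

```python
import csv
import io

# Constructed sample exports from two scan runs (not real scan data).
# Column names are assumptions; map them to your scanner's CSV export.
SCAN_BEFORE = """host,port,service,cvss,test
192.0.2.1,80,http,9.8,HTTP Brute Force Logins With Default Credentials Reporting
192.0.2.20,443,https,5.0,Example unrelated finding
192.0.2.30,80,http,9.8,HTTP Brute Force Logins With Default Credentials Reporting
"""
SCAN_AFTER = """host,port,service,cvss,test
192.0.2.20,443,https,5.0,Example unrelated finding
192.0.2.30,80,http,9.8,HTTP Brute Force Logins With Default Credentials Reporting
192.0.2.40,8080,http,9.8,HTTP Brute Force Logins With Default Credentials Reporting
"""


def default_cred_findings(export_text):
    """Return {(host, port): cvss} for every default-credential finding."""
    found = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if "default credentials" in row["test"].lower():
            found[(row["host"], int(row["port"]))] = float(row["cvss"])
    return found


def audit_diff(before_text, after_text):
    """Classify default-credential findings as fixed, still open, or new."""
    before = default_cred_findings(before_text)
    after = default_cred_findings(after_text)
    return {
        "fixed": sorted(before.keys() - after.keys()),
        "still_open": sorted(before.keys() & after.keys()),
        "new": sorted(after.keys() - before.keys()),
    }


def main():
    result = audit_diff(SCAN_BEFORE, SCAN_AFTER)
    for status, endpoints in result.items():
        for host, port in endpoints:
            print(f"{status:10} {host}:{port}")
    # Non-zero exit lets a scheduled job alert while anything remains open.
    return 1 if result["still_open"] or result["new"] else 0


if __name__ == "__main__":
    raise SystemExit(main())
```
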

Key Takeaways

  • Always change factory-set passwords on routers and devices, even if they “just work.”
  • High CVSS scores mean business, serious business.
  • It’s easy to overlook the basics during setup; getting help to check your work can pay off.
