A Brazilian ISP appears to have deployed routers without a Telnet password for nearly 5,000 customers, leaving the devices wide open to abuse.
The devices have been discovered this week by
Ankit Anubhav, Principal Researcher at
NewSky Security, a cyber-security company specialized in IoT security.
All exposed devices are Datacom routers the ISP —Oi Internet— has provided to customers. Anubhav says he identified three types of Datacom routers —DM991CR, DM706CR, and DM991CS.
Type ENTER to hack
Some devices featured a Telnet password, but the vast majority allowed anyone to connect to the router and alter its configuration.
...
...