DSL routers prone to remote hacking, says Carnegie Mellon University CERT report

It appears that hackers have found vulnerabilities in a number of DSL routers from four major manufacturers that allow the devices to be accessed remotely via a hidden administrator account. An alert issued by the CERT Coordination Center (CERT/CC) at Carnegie Mellon University revealed that DSL routers from Asus, Digicom, Philippine Long Distance Telephone (PLDT), and ZTE are affected by this issue.

What's common about these devices is that the majority of them have a user name corresponding to the hard-coded password listed as "admin," while PLDT's SpeedSurf 504 DSL router is "adminpldt." CERT said that a hacker can use these credentials to get administrator access to the affected devices over their telnet service.

Although a separate group of researchers last year revealed the vulnerability in the ZTE ZXV10 and W300 routers and in May for the Observa Telecom RTA01N, only recently did CERT find that the other devices were also affected. ComputerWorld article