HP R110 Wireless 11n VPN AM Router Credential exposure.

I had recently purchased a HP R110 Wireless 11n VPN AM Router (Product No: J9974A).

223867

I had noticed that it by default communicates via http instead of https, the reason this is an issue is that every single request the user sends after logging in is sent with the login and password in  get/post requests to the router.

img_20181206_181635.jpg

I apologize for the bad “screenshot” phone camera photo.

The ‘username=admin; password=admin’  shows up in every request after login.  I used the default credentials in this example so that i didn’t give my own away.
This might not seem like a big deal but anyone sniffing the network could obtain these credentials.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s