According to this link, SEC Consult has found a vulnerability in several WiMAX routers, distributed by WiMAX ISPs to subscribers. The vulnerability allows an attacker to change the password of the admin user. An attacker can gain access to the device, access the network behind it and launch further attacks, add devices into a Mirai-like botnet or just simply spy on the user. Andrew Clarke, EMEA Director at One Identity commented below.
Andrew Clarke, EMEA Director at One Identity:
“Devices such as firewalls and routers and more recently IoT devices are connected to a network with default settings – this includes the administrative account. Companies need to consider the power behind the administrator account and place more control around its usage.
By placing administrative passwords within a privileged management safe; and then controlling who gets access to those passwords backed up by approval processes will alleviate the risks that occur when the administrative account is attacked.
The issues experienced by the WiMAX routers would not occur as the fundamental attack vector which is being used would be under tight security management and could not be abused. Any backdoor administrative accounts added would be detected and immediately placed under privileged password management control.”
