Hacking Into Your Router’s Administrative Interface

zte_zxdsl_router_hack

[Arto] recently upgraded his home Internet subscription from an ADSL to VDSL, and with that change received a shiny new ZTE ZXDSL 931WII modem/wireless router. Once he had it installed, he started to go about his normal routine of changing the administrator password, setting up port forwarding, and configuring the wireless security settings…or at least he tried to.

It seems that he was completely unable to access the router’s configuration panel, and after sitting on the phone with his ISP’s “support” personnel, he was informed that there was no way for him to tweak even a single setting.

Undaunted, he cracked the router open and started poking around. He quickly identified a serial port, and after putting together a simple RS232 transceiver, was able to access the router’s telnet interface. It took quite a bit of experimentation and a good handful of help from online forums, but [Arto] was eventually able to upload an older firmware image to the device which gave him the configuration tools he was looking for.

Aside from a few Ethernet timeout issues, the router is now performing to his satisfaction. However, as a final bit of salt in his wounds, he recently read that the admin panel he was originally seeking can be accessed via the router’s WAN interface using a well-known default password – frustrating and incredibly insecure, all at the same time! He says that he learned quite a few things along the way, so not all was lost.