5 comments

[ 0.24 ms ] story [ 17.3 ms ] thread
Including "running Tomato" is a great step. Too often, these warnings, which a great deal of the time are only relevant to machines running Windows, do not include "running X" in the title, so everyone, even those not running X, have to read the article to ensure they're not vulnerable. I believe journalistic integrity demands that the OS/App/whatever appear in the title.
... only vulnerable if the default has been changed to ALLOW remote administration, and are using the default admin:admin or root:admin credentials.
How big a group of routers is this? How does one get smart enough to go into the advanced options to enable remote administration, but not smart enough to set the root password first?

I partially blame Tomato for this. It shouldn't allow you to enable remote admin until you've changed the passwords.

Shodan returns some 5100 Tomato servers, with about 1500 running web services (presumably the remote administration). I would bet that a fair number of those 1500 servers (maybe 10%?) have the default password, but I'm not going to check.
Why/how would you be smart enough to run custom firmware on your router, but not set your password, even while enabling remote administration?

(Are routers pre-loaded with Tomato being sold to naive people somewhere?)