til icon indicating copy to clipboard operation
til copied to clipboard

Published 20 hours ago verified publisher icon anitsh

CLI access home Nokia router

Open anitsh opened this issue 5 years ago • 5 comments

Issue

Unable to SSH into the router with new password which was changed from Web GUI.

Device Infromation:

  • Device Name G-120W-F
  • Vendor Nokia
  • Serial Number ALCLFA5733B8
  • Hardware Version 3FE46921BAAA
  • Boot Version U-Boot Dec-31-2016--12:00:00
  • Software Version 3FE46606DFHB46
  • Chipset MTK7526FD
  • OS Zebra, vty shell

Conclusion

I am able SSH. The main reason for being unable to SSH the router previously was that I tried to access using the new password which I changed via web interface. And even forgot the default/previous password. Later, I found default password and tried with it and got SSH login. The interesting thing is although I had changed the password, it took, the previous default password.

Unable to access the shell. This issue being discussed at #99 .

Detail

Default login for SSH and Telnet CLI AdminGPON / ALC#FGU.

This logins to user, and privileges below:


Hello, Welcome to User CLI (version 0.95).

user> ? // list commands
  enable  Turn on privileged mode command
  help    Description of the interactive help system
  list    Print command list
  show    Show running system information
user> enable                                                                                                                                         
user# ?
  configure  Configuration from vty interface
  disable    Turn off privileged mode command
  exit       Exit current mode and down to previous mode
  help       Description of the interactive help system
  list       Print command list
  nslookup   Query nameserver for the specified host
  ping       Send echo messages
  reboot     Reboot system.
  shell      start shell, need to input the dynamic password
  show       Show information from vty interface
  tftp       Transfer a file to tftp server.
user# shell
Password: // Requires password which is unknown. Tried with AdminGPON's CLI/Web. And few others.

There is also another web login adminUser/6632698134. This does not work for SSH/Telnet access.

"Telnet access to this router was possible via the ONTUSER / SUGAR2A041 ‘backdoor’ account, before an update was deployed sometime in June 2018" - from the article. So there seems to be vulnerabilities/security issues. It has been patched. ONTUSER / SUGAR2A041 does NOT work with Web/SSH access.

anitsh avatar May 07 '20 05:05 anitsh

Access from ssh is successful. The problem was new password did not work so had to find the old default password. Also found some more vulnerability issues in the router.

anitsh avatar May 16 '20 05:05 anitsh

  • [ ] Resource found on Nokia router https://documentation.nokia.com/cgi-bin/dbaccessfilename.cgi/3HE11598AAAATQZZA01_V1_Advanced%20Configuration%20Guide%20for%207450%20ESS%207750%20SR%20and%207950%20XRS%20for%20Releases%20up%20to%2014.0.R5%20-%20Part%20I.pdf

https://0x41.cf/reversing/2019/10/08/unlocking-nokia-g240wa.html This a great read on the router which mentions about the backdoor and security issues and vulnerabilities. And also recovered the default password to login via CLI.

Also there is no way to manage the users from the web view.

anitsh avatar May 17 '20 05:05 anitsh

New issue created for further research on security.

anitsh avatar May 17 '20 05:05 anitsh

ONTUSER / SUGAR2A041 does NOT work with Web/SSH access.

anitsh avatar May 23 '20 11:05 anitsh

On some routers, the 'Dynamic password' or 'Password2' is '; /bin/sh; #

alexceltare2 avatar Oct 06 '23 09:10 alexceltare2