![]() ![]() Those two will be sufficient to deduce the first 3 bytes of the MAC address with high confidence. Additionally from the login page the adversary could likely tell the vendor and firmware version of the router. The adversary would only need to know one of those MAC addresses in order to deduce the rest. ![]() And in case the router has a builtin USB-Ethernet adapter, that one may be adjacent to the other two. On some routers you will see the LAN and WAN interfaces being assigned adjacent Ethernet addresses. ![]() Should the vendor have chosen to create usernames with each of the MAC addresses (in the name of usability), that could lead to an interesting vulnerability where changing the default password of one of the users to something more secure would still leave the other username(s) with the default password. One important followup question is: Which MAC address? The router will most likely have at least one MAC address for the WAN side and one for the LAN side. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |