SSH default user name and password
Hardware Version : Not Clear
Firmware Version :
ISP :
Hi there
I have a Archer C3200. Any one knows the SSH user name and password? There is nothing in the user guide and the GUI about SSH and I don't like to have an uncontrolled open service with a unknown username and password I cant change or deactivate.
Thanks!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
I wan't to install openwrt in my vr200 and this would be of great help
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
I agree with the other points that having a running SSH on Port 22 at home and not having access, does not feel good. Especially in light of a recent OpenVAS scan that produced the result below on my TP-Link TL-WA855RE. I checked my Tether app and it says it has the latest update; however, with a vulnerability like this, and no update, ths is just not good. Please let me know when this will be fixed and what your process is for making sure what is hosting SSH is kept up-to-date, if you will not give consumers access?
Product detection result
cpe:/a:dropbear_ssh_project:dropbear_ssh:2015.67
Detected by Dropbear SSH Detection (OID: 1.3.6.1.4.1.25623.1.0.105112)
Summary
Dropbear SSH is prone to multiple vulnerabilities.
Vulnerability Detection Result
Installed version: 2015.67
Fixed version: 2016.74
Impact
An authenticated attacker may run arbitrary code.
Solution
Solution type: VendorFix
Update to 2016.74 or later.
A_ected Software/OS
Dropbear SSH 2016.73 and prior.
Vulnerability Insight
Dropbear SSH is prone to multiple vulnerabilities:
- Message printout was vulnerable to format string injection. A dbclient user who can control
username or host arguments could potentially run arbitrary code as the dbclient user. (CVE-
2016-7406)
- dropbearconvert import of OpenSSH keys could run arbitrary code as the local dropbearconvert
user when parsing malicious key _les. (CVE-2016-7407)
- dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are
provided. (CVE-2016-7408)
- bclient or dropbear server could expose process memory to the running user if compiled with
DEBUG_TRACE and running with -v. (CVE-2016-7409)
Vulnerability Detection Method
Checks if a vulnerable version is present on the target host.
Details: Dropbear SSH Multiple Vulnerabilities
OID:1.3.6.1.4.1.25623.1.0.106381
Version used: 2020-03-09T10:54:00+0000
Product Detection Result
Product: cpe:/a:dropbear_ssh_project:dropbear_ssh:2015.67
Method: Dropbear SSH Detection
OID: 1.3.6.1.4.1.25623.1.0.105112)
References
CVE: CVE-2016-7406, CVE-2016-7407, CVE-2016-7408, CVE-2016-7409
Other:
URL:http://www.openwall.com/lists/oss-security/2016/09/14/7
- Copy Link
- Report Inappropriate Content
@vstefanoxx how did you ssh to the router what is the password for VR400?
- Copy Link
- Report Inappropriate Content
@tplink this vulnerability appears to be related -
https://labs.f-secure.com/advisories/tp-link-ac1750-pwn2own-2019/ - (if not, happy to break out into a separate post if you like).
It looks like this CV was addressed in a firmware update for the A7 but not the C7. Please advise.
- Copy Link
- Report Inappropriate Content
Same problem on Archer C7 v5, no way, we can connect with ssh@root, but no password for this is known.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Gao Tengo 2 TL-WA850RE (V6.0 y V5.0), los dos con el mismo problema el puerto 22 esta abierto.
ssh root@192.168.1.18
No se puede establecer la autenticidad del host '192.168.1.18 (192.168.1.18)'.
La huella digital de la clave RSA es SHA256: UxXXXXXXXXX / 99mF2UyVIL61PCraaOfzhKXXXXXXXXX.
¿Está seguro de que desea continuar con la conexión (sí / no / [huella digital])? y
Por favor escriba 'sí', 'no' o la huella digital: sí
Advertencia: Se agregó permanentemente '192.168.1.18' (RSA) a la lista de hosts conocidos.
root@192.168.1.18's contraseña:
/usr/bin/ssh-audit 192.168.1.18
# general
(gen) banner: SSH-2.0-dropbear_2012.55
(gen) software: Dropbear SSH 2012.55
(gen) compatibility: OpenSSH 3.9-6.6, Dropbear SSH 0.53-2014.66
(gen) compression: disabled
# encryption algorithms (ciphers)
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
# fingerprints
(fin) ssh-rsa: SHA256:UxXXXXXXXXX/99mF2UyVIL61PCraaOfzhKXXXXXXXXX
- Copy Link
- Report Inappropriate Content
Hi,
I have an Archer Mr600 v2.
I wanted to SSH into id but reading this thread it seems it won't be possible.
Anyway, i did the ssh-audit and this is the result:
# general
(gen) banner: SSH-2.0-dropbear_2017.75
(gen) software: Dropbear SSH 2017.75
(gen) compatibility: OpenSSH 6.5-6.6, Dropbear SSH 2013.62-2014.66
(gen) compression: disabled
# key exchange algorithms
(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
`- [warn] using small 1024-bit modulus
`- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
(kex) kexguess2@matt.ucc.asn.au -- [info] available since Dropbear SSH 2013.57
# host-key algorithms
(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
`- [warn] using small 1024-bit modulus
`- [warn] using weak random number generator could reveal the key
`- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
# encryption algorithms (ciphers)
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] using weak cipher mode
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] using weak cipher mode
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
(enc) twofish256-cbc -- [fail] disabled since Dropbear SSH 2015.67
`- [warn] using weak cipher mode
`- [info] available since Dropbear SSH 0.47
(enc) twofish-cbc -- [fail] disabled since Dropbear SSH 2015.67
`- [warn] using weak cipher mode
`- [info] available since Dropbear SSH 0.28
(enc) twofish128-cbc -- [fail] disabled since Dropbear SSH 2015.67
`- [warn] using weak cipher mode
`- [info] available since Dropbear SSH 0.47
(enc) 3des-ctr -- [info] available since Dropbear SSH 0.52
(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] using weak cipher
`- [warn] using weak cipher mode
`- [warn] using small 64-bit block size
`- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
# message authentication code algorithms
(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
`- [warn] using encrypt-and-MAC mode
`- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
`- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
`- [warn] using encrypt-and-MAC mode
`- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
# algorithm recommendations (for Dropbear SSH 2017.75)
(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
(rec) +diffie-hellman-group14-sha256-- kex algorithm to append
(rec) +diffie-hellman-group16-sha512-- kex algorithm to append
(rec) -ssh-dss -- key algorithm to remove
(rec) -3des-cbc -- enc algorithm to remove
(rec) -twofish-cbc -- enc algorithm to remove
(rec) -twofish128-cbc -- enc algorithm to remove
(rec) -twofish256-cbc -- enc algorithm to remove
(rec) -aes128-cbc -- enc algorithm to remove
(rec) -aes256-cbc -- enc algorithm to remove
(rec) +twofish128-ctr -- enc algorithm to append
(rec) +twofish256-ctr -- enc algorithm to append
(rec) -hmac-sha1 -- mac algorithm to remove
(rec) -hmac-sha1-96 -- mac algorithm to remove
(rec) -hmac-md5 -- mac algorithm to remove
I'm not an ssh expert, but i see there are too many red lines...
What do you thing about it?
Thanks
Daniele
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 170244
Replies: 28
Voters 0
No one has voted for it yet.