This alert from US-Cert provides a strong recommendation for changing the passwords from the default manufacturer passwords. This suggestion is one of those pieces of advice that should really go without saying, but the impact section of the alert provides some good examples where the failure to change a default password has resulted in some serious negative consquences. The examples range from
fake emergency alert system warnings about zombies to more well-known threats like
Stuxnet. The alert also suggests running a vulnerability scan on your network using a utility like
Metasploit or
OpenVAS.
The solutions provided are always good advice:
1. Change Default Passwords
2. Use Unique Default Passwords
3. Use Alternative Authentication Mechanisms
4. Force Default Password Changes
5. Restrict Network Access
6. Identify Affected Products
Read the full alert
here.
