Hidden user account in Huawei ADSL routers!
Most BSNL Broadband users use Huawei ADSL routers.
It is also a well known fact that the default username and password of the router is admin and admin.
This password can be changed through the web interface.
But I discovered a hidden user account with full priveleges which can be used to access the router even after changing the default password.
You can now login into the web interface with username and password as supervisor.
If you try changing the password here,the default user(admin)’s password gets changed.
You can still login with supervisor as user and pass.
This can be handy and dangerous at times.
Hackers can use this to access your router and wreck havoc.
On the other hand ,if somebody forgot their default password,the ADSL router need not be reset to access the configuration page.The supervisor account can be used to configure the router and change the default password.
How I found this account
I connected to the router using telnet
After logging in with the default username and password I typed system set user ?
The console displayed two users,admin and supervisor.
Then I tried accessing the router’s configuration with user and pass as supervisor and it worked!
Tested on Huawei MT841