Jul
23
2008

Hidden user account in Huawei ADSL routers!

Most BSNL Broadband users use Huawei ADSL routers.
It is also a well known fact that the default username and password of the router is admin and admin.
This password can be changed through the web interface.

But I discovered a hidden user account with full priveleges which can be used to access the router even after changing the default password.

Username:supervisor
Password:supervisor

You can now login into the web interface with username and password as supervisor.
If you try changing the password here,the default user(admin)’s password gets changed.
You can still login with supervisor as user and pass.

This can be handy and dangerous at times.
Hackers can use this to access your router and wreck havoc.
On the other hand ,if somebody forgot their default password,the ADSL router need not be reset to access the configuration page.The supervisor account can be used to configure the router and change the default password.

How I found this account

I connected to the router using telnet
After logging in with the default username and password I typed system set user ?

The console displayed two users,admin and supervisor.
Then I tried accessing the router’s configuration with user and pass as supervisor and it worked!

Tested on Huawei MT841

[ad]

«

»

About the Author: Bharat Balegere

Bharat Balegere is a 27 year old blogger from Bengaluru. He is a technology enthusiast and loves tinkering with computers and usb drives.

10 Comments + Add Comment

  • Dear Friend,
    I have observed that after resetting the password in the user management interface, I find that the password gets reset to admin when I log in after say a day or so.
    Does Idle time setting has any role in this?
    Have you studied more on the vulnerabilities of this router? what are the implications about setting the Idle time limit to 0 or very high figure such as 1200 mts?
    I would be happy if you can send me a response on my e-mail along with any other observations on WiFi router security for Netizens.

  • Regarding your query on the admin password resetting in the next login:
    Once you change the password from the User Management (192.168.1.1)
    You must click on Save All or any changes you have made to the router will not be saved.
    If you do not click on Save All then ,when you restart your ADSL Router ,you will still see the old settings.The password will still be the same as the changes you had made earlier were not saved.

    The idle time does not have role in changing of router password.
    To prevent any unauthorized changes to your router from Remote Locations you must disable HTTP Remote WAN Access and Telnet Remote WAN Access in Advanced-WAN Access.

    If you set the idle time 0 then you will not be able to access internet or the User Management area of the Router.

    Wi-Fi security :-Make sure you are using WEP or WPA-PSK encryption.
    To harden your security go to Basic-DHCP-Address Pools.
    Change the Start address and the End address such that difference between the addresses is equal to the number of computers using the router.
    If 5 computers are using the router then set the Start Address to 192.168.1.2 and the End Address to 192.168.1.7.
    This helps in preventing any unauthorized attempts on accessing your router as the router will be not lease an IP Address to the unauthorized computer.

  • Hello
    I am using Huawei HG520S router. I want to forward my port to speed up downloads in utorrents. When I try to access my router setting by pitting the address http://192.168.1.1 , it prompts me for a username and password. I’ve forgotten them, asked the ISP , but the passwrd was useless. Then i tried to reset the router by pressing the reset button for 10 secs and got router reset and then entered default usrnme and paswrd(i.e admin), but it was useless. Plllllllllzzzzzzzzz help me plzzzzzzzzzzzzzzzzzzzzzzzzzz.

  • How do I change the admin admin password in a Huawei HG-520s wireless adsl router? I cant do anything from its menu except for creating new users with user and not administrator privileges……

  • In my opinion, the Adsl techonology has a great development overtime. Thanks for this usefull post, i’ve just make it a digg.
    Kind regards
    Jake Bunce, the manager of Viettel ISP.

  • I have the same problem with a HUAWEI HG520s router, when I want to log on it with admin and admin says that’s wrong.
    I’ve resset it but I have the same problem.
    Can you help me with a supervisor user and pass or a way to resset it or to chnange the password and user to default?

    Thank you!

  • Hello, We have this type of router, but cannot even reach the page that asks us for the password. When entering the IP address as the URL, the only thing we have access to change is the WEP password. We also want to change some settings, but cannot find anywhere how to get into the actual page that requires a password. Any ideas?

    • and what about to use a cable (instead of wifi) ?
      :))

  • Thanks for this usefull post, i’ve just make it a digg.

  • Hi
    Doesn’t work on Huawei HG556 router

Leave a comment