By default, the BigPond Wireless Broadband Gateway 3G21WB is sold with default passwords. The 'Monitor' account has a password of 'bigpond1', the 'admin' account has a password of 'admin', the 'support' account has a password of 'support', and the 'user' account has a password of 'user'. These credentials are publicly known and documented, which allows attackers to trivially access the program or system and gain privileged access.
Remote / Network Access
Loss of Integrity
No Vendor Response
Immediately after installation, change all default installed accounts to use a unique and secure password. When possible, change default account names to custom names as well.
It has been reported that the Monitor:bigpond1 and account:password accounts might be hardcoded. If this is true, OSVDB is not aware of a solution in that case.