Factory default software configurations for embedded systems, devices, and appliances often include simple, publicly documented passwords—you can find a list of them here. Default passwords are intended for initial testing, installation, and configuration operations and are intended to be changed before deploying the system in a production environment.
Attackers can easily obtain default passwords and identify internet-connected target systems and log in with Administrative access.
More on this here at US-Cert.
Comments