Problem
My landlord got a new router (Model No.: ZyXEL VMG4381-B10A) today and had some problems changing the password to the router’s admin account.
The default configuration address is http://192.168.200.1 and it does not ask for username or password. However, judging from the fact that all settings are available for changing, it seems that the website is logged in as ‘admin’ by default. This means that anyone with a little knowledge about internet connection is able to find the gateway address and mess with the router configurations including firewall, parental control, port forwarding, QoS, etc.
Solution
- Go to http://192.168.200.1
- In the “User Account” page, create a new user in the Administrator group with a custom name and password.
- Log out and log in with the newly created user.
- In the “User Account” page, remove the ‘admin’ user.
Analysis
When there is no longer an ‘admin’ user, the router fails to auto-login and requires manual username and password input. This secures the configurations from unauthorized changes.
It is absolutely bizarre for an ‘admin’ to be able to create a new user with the power to overthrow itself. With a naive solution come hidden pitfalls.
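To confirm from a LAN client that the router no longer auto-logs in after the steps above, the following check (an added example, not from the original post or from ZyXEL) sends one request without credentials and classifies the reply. The classification rules are assumptions about how a web UI typically signals a login requirement; this router's actual responses are not documented in the post, and a login page rendered purely by JavaScript would be misread as open.

```python
import re
import urllib.error
import urllib.request

ROUTER_URL = "http://192.168.200.1/"  # gateway address given in the post

# Assumption: a login page contains an HTML password input field.
PASSWORD_FIELD = re.compile(r"<input[^>]+type=[\"']?password", re.I)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx replies as HTTPError instead of silently following them."""
    def redirect_request(self, *args, **kwargs):
        return None


def classify(status, headers, body):
    """Classify one unauthenticated response from the admin UI."""
    if status in (401, 403):
        return "auth-required"          # HTTP-level authentication challenge
    if 300 <= status < 400:
        # Assumption: a redirect to a login page has "login" in its target.
        location = headers.get("Location", "") or ""
        return "login-form" if "login" in location.lower() else "unknown"
    if status == 200:
        # A settings page served with no password prompt means auto-login.
        return "login-form" if PASSWORD_FIELD.search(body) else "open"
    return "unknown"


def probe(url=ROUTER_URL, timeout=5):
    """Fetch the admin page without credentials and classify the reply."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("latin-1")
            return classify(resp.status, resp.headers, body)
    except urllib.error.HTTPError as err:
        return classify(err.code, err.headers, "")
    except OSError as err:              # includes URLError and timeouts
        return f"unreachable: {err}"


if __name__ == "__main__":
    print(probe())
```

A result of `open` after removing the ‘admin’ user means the settings pages are still reachable without a login; `unknown` means the reply needs to be inspected by hand.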