Askey AP5100W was a wifi mesh node provided to Singtel customers as part of their Fibre Broadband contract package. It is used to provide greater WiFi coverage in homes or offices.
The wifi mesh node comes with a configurable web interface that allows users to modify settings on their mesh nodes and run diagnostics.
The default login credential of the web interface for the Askey AP5100W is as follows:
Despite the web interface being “secured” behind a login interface, the implementation of the authentication is severely flawed. As anyone with access to the router web interface is instantly logged in as soon as one authenticated person logs in. Meaning an attacker on the network is able to access the web interface as soon as a web administrator logs in to the web interface.
Based on our observations, it seems like a successful login sets a global variable in the mesh node to true and all subsequent commands are assumed to be authenticated commands regardless of the sender. There is no session key or cookies involved in the authentication processed.
The vendor didn’t replied to us despite all the efforts we made.