The D-Link DI-701 Residential Gateway has an open port which allows brute force password guessing, and has a factory set default password.
D-Link DI-701 Residential Gateway's Admin login available on external port
As part of our company's evaluation of security products for our use, I
discovered a serious flaw in the D-Link DI-701 Residential Gateway. This
box is touted as a personal firewall to protect home users (cable modems)
from attacks. The box uses network address translation and blocks external
attempts to get to the internal network. Unfortunately, the administrative
login on port 333 is available on the external and internal side of the
firewall. Compounding this is the fact that your password (no username) can
only be 6 characters long! A quick brute force against this password
revealed a superadmin password that is set to "year200". What is especially
troubling is that your internal IDS will not pick up the multiple attempts
at either the 6 character normal password or the 7 character superadmin
password.
Brant Hale
VC3, INC
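
The advisory notes that an internal IDS will not see repeated login attempts against port 333 on the external side. The following is an added example, not part of the original advisory: a per-source connection counter for a monitoring point that logs WAN-side traffic. The simplified iptables-LOG-style line format, the interface names, the window and the threshold are all assumptions, and the sample traffic is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

ADMIN_PORT = 333                  # admin login port named in the advisory
WINDOW = timedelta(seconds=60)    # assumption: sliding window length
THRESHOLD = 5                     # assumption: new connections per source per window

# Assumed, simplified iptables-LOG-style line: ISO timestamp first, then key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) .*?IN=(?P<iface>\S*) .*?SRC=(?P<src>\S+) "
    r".*?PROTO=TCP .*?DPT=(?P<dpt>\d+) .*?\bSYN\b"
)

def build_sample_log():
    """Constructed sample traffic; addresses come from documentation ranges."""
    row = ("2024-01-01T10:{m:02d}:{s:02d} IN={i} OUT= SRC={src} "
           "DST=198.51.100.2 PROTO=TCP SPT=40000 DPT={p} SYN")
    rows = [row.format(m=0, s=5 * n, i="eth0", src="203.0.113.7", p=333) for n in range(8)]     # rapid, external
    rows += [row.format(m=2 * n, s=30, i="eth0", src="203.0.113.50", p=333) for n in range(3)]  # slow, external
    rows += [row.format(m=5, s=n, i="eth1", src="192.168.0.10", p=333) for n in range(6)]       # LAN side
    rows += [row.format(m=6, s=n, i="eth0", src="203.0.113.9", p=80) for n in range(6)]         # other port
    return "\n".join(rows)

def find_guessing_sources(log_text, wan_iface="eth0"):
    """Return {source: peak connection count within WINDOW} for sources reaching THRESHOLD."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    peaks = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # Only new TCP connections arriving on the external interface for the admin port count.
        if not m or m["iface"] != wan_iface or int(m["dpt"]) != ADMIN_PORT:
            continue
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["src"]]
        q.append(ts)
        while ts - q[0] > WINDOW:   # drop attempts older than the window
            q.popleft()
        if len(q) >= THRESHOLD:
            peaks[m["src"]] = max(peaks.get(m["src"], 0), len(q))
    return peaks

if __name__ == "__main__":
    print(find_guessing_sources(build_sample_log()))
```

Slow guessing spread over many windows stays under a rate threshold like this one, so any external connection to port 333 at all is worth alerting on where remote administration is not intended.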