A security vulnerability has been found in Brit broadband biz Hyperoptic's home routers that exposes tens of thousands of its subscribers to hackers.
The gigabit provider's routers are made by ZTE, the Chinese electronics giant that American and British spy agencies have sounded an alarm over. The United States has also imposed a ban on American companies selling components to ZTE and other Chinese network gear makers.
Zte Wifi Router Hacked
In November, infosec outfit Context IS alerted consumer-rights charity Which? to critical vulnerabilities found in the Hyperoptic broadband home router H298N. These bugs can be exploited to gain control of the device, change its firewall and security settings, change the administrative password, and generally cause havoc.
All a victim has to do is click on a link, for example in an email or message, while on the same local network as the router, to trigger exploitation: the URL takes the victim to a webpage that abuses a hardcoded root password in the router.
ZTE Wireless Internet Router IFWA 40 Mobile 4g lte Wifi Hotspot IFWA 40 antenna AT&T 4g lte WiFi Connect Up to 20 Devices Create A WLAN Anywhere GSM (Renewed) 3.9 out of 5 stars 11 $139.99 $ 139.
'The combination of a hardcoded root account and a DNS rebinding vulnerability allows an internet-based attacker to compromise all customer routers of UK ISP Hyperoptic via a malicious webpage,' Context IS said in an advisory on Tuesday. 'The vulnerabilities are present on both “HyperHub” router models, the ZTE H298N and the newer ZTE H298A, affecting hundreds of thousands of devices.'
Find zte router passwords and usernames using this router password list for zte routers. To access the zte router admin console of your device, just follow this article. Below is list of all the username and password combinations that we are aware of for zte routers. The team then tested a separate ZTE device (MF920), finding 'almost the exact same issues.' The vulnerability on the newer device has been fixed, but the researchers believe this shows that ZTE is.
By hijacking the routers, attackers could also turn them into a part of a powerful botnet, given Hyperoptic's speeds of up to 1Gbps.
According to the Which? article more than 400,000 customers may have been affected. However, as pointed out by ISP Review, the actual subscriber figure is more likely to be closer to 100,000.
Daniel Cater, the security researcher at Context IS who discovered the flaw, said: “This has implications for the customers’ own data, but also if an attacker compromises enough routers of an ISP, the threat is elevated and has the potential to impact national security, such as via mass surveillance or DDoS attacks against critical infrastructure.
“Recent announcements from the [National Cyber Security Centre] have shown that attacks such as this against other ISPs and routers are not hypothetical. All ISPs should take this seriously, and invest in thoroughly testing their consumer devices and their infrastructure if they are not already doing so.”
Hyperoptic secured all its ZTE routers in December 2017 once it was alerted to the problem, said a spokeswoman. It then rolled out a more permanent fix, upgrading the firmware in all customer routers in April 2018. The fix was to basically set individual root passwords for the devices.
She said: 'We have no evidence nor reports of any customers affected, and all customer routers are now secured against it.'
Separate research from Broadband Genie found as many as 82 per cent of punters have never changed the password and security setting on their routers. ®
This is a complete list of user names and passwords for ZTE routers.
How To Login to a ZTE Router
Most routers have a web interface. This means that in order to login to them you start with your web browser.
In general you login to a ZTE router in three steps:
- Enter Your ZTE Router IP Address Into your web browser's Address Bar
- Enter your ZTE Router username and password when prompted
The list of user names and passwords is below.
How to Reset Your ZTE Router Password To Default Settings
If none of the passwords below work for you then you have 2 options:
- Either try to recover your router's password with Network Utilities Find Password
- Or Reset your ZTE router
Zte Wifi Router Hacks
Please only reset your router as a last resort.
ZTE Router Password List
Here is a list of all known ZTE passwords and the router they were discovered on.
Be sure to try them all!
| ZTE Model | Username | Password |
| AC30 | admin | admin |
| AR550 | admin | admin |
| Bavo ZXV10-W300 | admin | admin |
| DNA Mokkula 4G MF920V | blank | 1234 |
| F609 | admin | admin |
| F612W | admin | admin |
| F620 | admin | admin |
| F660 | admin | admin |
| F660 | user | user |
| F668 | admin | admin |
| F668 | admin | password |
| F670 | admin | admin |
| F670 | user | user |
| H220N | HPN | blank |
| H220N | KPN | blank |
| H268A | admin | admin |
| H268A | user | user |
| H368N | admin | admin |
| H369A | user | user |
| IX380 Wateen | admin | admin |
| IX380 Wateen | user | user |
| MF275R | blank | admin |
| MF279 | blank | attadmin |
| MF279T | blank | admin |
| MF283 | blank | 1234 |
| MF283 | blank | admin |
| MF283V | blank | admin |
| MF286 | blank | same as default wifi, printed on router |
| MF28B | blank | blank |
| MF28B | blank | blank |
| MF29A | blank | admin |
| MF368 MTN | mtn | admin |
| MF612 | admin | admin |
| MF65 | blank | smartbro |
| MF65M | blank | admin |
| MF90 | admin | admin |
| MF910 | admin | admin |
| MF910 | blank | password |
| MF910V | admin | admin |
| MF910V | blank | password |
| MF920V | admin | admin |
| MF923 | blank | attadmin |
| MF93D | admin | admin |
| MF975S Sprint | blank | password |
| NetFasteR WLAN | admin | admin |
| Speedport Entry 2i | admin | on router label |
| Z-917 | blank | admin |
| Z288L | admin | printed on router |
| Z700A | blank | attadmin |
| ZXDSL 531B | admin | admin |
| ZXDSL 831CII | admin | admin |
| ZXDSL 831D | ZXDSL | ZXDSL |
| ZXDSL 931VII | admin | admin |
| ZXDSL 931VII Netvigator | user | user |
| ZXDSL 931VII T-Mobile | 3play | 3play |
| ZXDSL-831AII | admin | admin |
| ZXHN F609 | admin | admin |
| ZXHN F620 | admin | admin |
| ZXHN H108L | admin | admin |
| ZXHN H108N | admin | admin |
| ZXHN H108N | user | blank |
| ZXHN H108N Bayan | admin | bayandsl |
| ZXHN H108N Telkom | admin | admin |
| ZXHN H108N v2 TE Data | admin | admin |
| ZXHN H108N v2.5 | user | user |
| ZXHN H118N Vivacom | user | user |
| ZXHN H168N | admin | unknown |
| ZXHN H168N | user | blank |
| ZXHN H198A v3.0 | admin | aisadmin |
| ZXHN H208N | admin | admin |
| ZXHN H208N | cytauser | cytauser |
| ZXHN H267A | cytauser | cytauser |
| ZXHN H267A | tmadmin | tmadmin |
| ZXHN H267A v1.0 | admin | superonline |
| ZXHN H267N | admin | admin |
| ZXHN H267N Cyta | cytauser | cytauser |
| ZXHN H268A | admin | admin |
| ZXHN H298N | admin | password |
| ZXHN H298N | located on the back of the router | located on the back of the router |
| ZXHN H298N | user | user |
| ZXHN H367A v1.0 | 1234 | 1234 |
| ZXHN H367N | admin | admin |
| ZXHN H368C | admin | admin |
| ZXV10 H201L | admin | admin |
| ZXV10 H208L | admin | admin |
| ZXV10 W300 | admin | admin |