Recently I was doing some tests with modems supplied by the ISP's in my country, specifically with the model "Technicolor TC7300", this modem is provided by many companies in Colombia and throughout Latin America, the problem of this modem is as follows:
The ISP in Colombia always refuse to give the password to users, so they the same change, for better security, however these companies use bad practices when choosing passwords in some cases use the same password for all modems across the country, in other cases the identification numbers of the customer, other than these passwords are easy to break, this device can be hacked through brute force method to get your password.
Just imagine a bot breaking passwords throughout Latin America, accessing the settings without permission mixed success of their modems and forwarding for all of your internal network to all ports, after this, imagine the rest.
User: admin | Pass: Uq-4GIt3M | Pass: Swe-ty65 | Pass: RdET23-10 | Pass: TmcCm-651 | Pass: Ym9zV-05n | Pass: 1234 | Pass: 12345
User: admin | Pass: d3c0ntr0l | Pass: Cpe04Epm | Pass: CPE# + numbers
User: gestionune | Pass: g3sti0nr3m0t4
User: admin-UN3 | Pass: CM4CC3SS
User: admin | Pass: 6 numbers
User: administrator | Pass: customer phone number
User: customer | Pass: ClienteETB + year
This PoC (Proof of Concept) requires configuring TOR to run.