Why the fuck do people not change their router admin password!? I was at a hotel today and could access their router admin interface with the default credentials. I guess this isn't purely the fault of the hotel because not all people know a damn thing about security and only use the interface to change the SSID and password of the AP. But why allow them to leave the default password? Why isn't this a standard feature to be forced to change the password :|

@Demolishun please Tim don't shoot me i will change it to something more secure!

Changes it to "password" :)

Your router has a password?
Wait, you can change the password?

The last router my ISP gave me didn't have a login screen at all 🤷‍♂️

I blame the shitty ISPs more then uneducated users.

A good router should have a default password that's random (not derived from the MAC and certainly not a single global default). Afaik AVM uses a dictionary word + a few digits, which combined with a lockout to prevent brute forcing is "good enough".
Of course if you're a business running a public access point you should either know what you're doing or pay a professional that does. Especially if it's a larger setup like in a hotel.

In conclusion: I blame both!

I changed it to "password". Should be set for life. Thanks jonas

@saucyatom "lockout to prevent bruteforcing"

Inb4 cycling and randomizing your mac address.

Or simply copying one that's already authenticated.

@Wisecrack I haven't tried but it might be a global CD, which turns your brute forcing into a denial of service attack.

@C0D4 that's more a Ethernet bridge than a router

My admin password is the default one. However everything (web/telnet/ssh/ftp) is inaccessible from wi-fi and 8 of the 10 ports.

@hjk101 oh no. It was a router, it was still configurable at 192.168.X.1 it was just a login-less ui.