Router User Privilege

In the process of discovering new flaws, this was the third one I found on PROLiNK routers. PROLiNK router user privileges are categorized according to user type (Root or User). For the root account all services are available, whereas for the user account some services are restricted. In the video below I will show you how I was able to access the services available only to root users by logging in to the router with a user account.

This was reported to PROLiNK and they replied: "ignore the local separate web link issue as only allowed via LAN site". You may not be able to do this on remote routers, but any client on your LAN (Local Area Network) can change your configuration if he has a user-privileged account on the router, or if you provide one thinking that there is no harm in doing so.

A few days ago, PROLiNK sent us the firmware, which is currently deployed only for Sri Lanka Telecom. They have now made a generic firmware for all users, but it is still not available on the website (support page).

So to be secure, use only one account, the admin account, and if possible change both the default username and password of your router.