Avast network scan - incorrect results?

WK_schnarfl and Eddy - many thanks for replying.

The warning I referred to is different to WK_schnarfl’s: there is nothing about ISPs in mine.

Here is what Avast tells me:

Description
A service on this device has a weak or default password. This is very dangerous situation, because factory-default usernames and passwords are often used by hackers and cybercriminals.
Catalogue ID HNS-WEAK-PASS
Username:
●●●●●●●●admin
Password:
●●●●●●●●admin
Details
Risks
Attackers can access and control a service on this device.
Solutions
Change the access password for this service.

I believe this is a false warning (i.e. a bug) rather than a “false positive” as such, since the admin/admin combo does not log in to my router. It did originally when I first bought it, but I have since changed my login and password. I have just tested admin/admin again, and as expected it does not work. Thus it is a mystery why Avast thinks that there is a weak password here.

Bluto

first, i’ve always had strong passwords for both admin and wifi

security warning was driving me crazy so i’ve spent hours looking for some answers, done a factory reset, updated my firmware btw, set all new passwords for admin and for wifi, new SSIDs etc, double checked all my settings etc

everything is perfect

avast still says my pass is admin admin. shut up avast, you’re drunk.

https://i.imgur.com/drLeKy7.jpg

edit: i’ve also tried the router’s telnet interface to see if there’s some hidden telnet account still set to admin admin, but no.

FOUND IT! Damn I’m good 8). It’s not a bug and Avast was right all along.

Here are the cause and the solution:

It’s the router’s internal FTP server.
Like most people, I’ve never used it and I’ve forgotten it’s even there.

https://i.imgur.com/qxwS4px.jpg

This is the service with a weak password from the warning.
The FTP server has its own separate user authentication and its own admin, which you’ve probably never given a proper password.

If you use this FTP server, set a new password here. If not, just disable the entire thing.

And done, everything is secure and avast is happy.

https://i.imgur.com/eJIV0VK.jpg

Oh, and btw Avast, SOME BETTER DESCRIPTIONS TO YOUR WARNINGS WOULD BE NICE IN THE FUTURE.
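An added example, not part of any post in this thread: a small Python check that lists which login-bearing services on your own router answer on the LAN, so a warning that only says "a service on this device" can be tied to FTP or Telnet rather than the web admin page. The port set, the function names and the script name `audit.py` are assumptions made for this example.

```python
import socket
import sys

# Ports checked: FTP, Telnet and the web admin page are the router logins
# mentioned in the thread; the port numbers are the protocol defaults.
PORTS = {21: "ftp", 23: "telnet", 80: "http"}


def probe(host, port, timeout=2.0):
    """Return None if the port is closed, else the greeting bytes (may be empty)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                return sock.recv(256)
            except OSError:  # timeout: the service waits for the client (e.g. HTTP)
                return b""
    except OSError:
        return None


def identify(greeting):
    """Guess the protocol from the greeting, regardless of port number."""
    if greeting.startswith(b"220"):
        return "ftp"          # FTP servers greet with reply code 220
    if greeting.startswith(b"\xff"):
        return "telnet"       # Telnet opens with IAC (0xFF) option negotiation
    return "unknown"          # silent services, such as HTTP, speak second


def audit(host, ports=PORTS, timeout=2.0):
    """Map each open port to (expected name, detected protocol, banner text)."""
    found = {}
    for port, name in ports.items():
        greeting = probe(host, port, timeout)
        if greeting is not None:
            text = greeting.decode("latin-1").strip()
            found[port] = (name, identify(greeting), text)
    return found


if __name__ == "__main__" and len(sys.argv) == 2:
    # Usage: python audit.py <your router's LAN address>
    for port, (name, proto, text) in sorted(audit(sys.argv[1]).items()):
        print(f"{port}/{name}: open, looks like {proto}, banner={text!r}")
```

Any port reported as FTP or Telnet has its own account list, separate from the router's admin login, and should get its own password or be disabled.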

Some routers have a password backup option.
Disable it or avast can flag it.

Good detective work, miwoj!

That fixed it for me, too. I agree that Avast’s warning is deceptive (it should mention the FTP server username/password), but at least it picked up a potential security problem for which I am grateful.

Out of interest, what could a hacker access if they had your IP address and managed to log into the FTP server of a TP-Link router using admin/admin? The FTP settings are under the heading “USB Settings”. Does this mean that a hacker could nab any data on a connected USB hard disk?

Bluto

This should give a good idea of what could be accessed:
http://www.tp-link.com/us/faq-341.html

Thanks for the link, Eddy.
Bluto

You’re welcome.

Keep in mind that what exactly can be accessed depends on the settings.