Fullrate – Zyxel P-2602HW-D1A – admin password?

Fullrate uses Zyxel router P-2602HW-D1A to connect some customers to the Internet.

Zyxel P-2602HW-D1A
ZyNOS Firmware Version: V3.40(AOM.4) | 03/09/2009
DSL Firmware Version: TI AR7 06.00.04.00
DSL Mode: ADSL2PLUS

1*telephone line DSL uplink,
1*wireless AP,
2*telphone ports for VoIP
4*lansided switchports.

Password problem
I plugged in the powercable and inserted a lan cable into one of the switchports. Opened a browser and inserted the routers webinterface address: 192.168.1.1
There is no username and the default password is 1234. You will get asked to change the password, then log in again with the new password but you could also ignore it and keep default.
I made lots of security changes and when satisfied I decided to connected it to the internet.
But… when it established a connection I could not log in to the routers webinterface anymore. Furthermore the Wlan actived itself again, as well as the telephone ports – so it seemed to reset itself.

Solution:
Well, I spend hours wondering what the password might be and why the f… i had to set it at all, when it gets reset to some unknown password afterwards. Until i found a manual from another version of a zyxel router at the fullrate site, explaining how to reset a router password.

THE PASSWORD GET CHANGED WHEN I CONNECT THE DEVICE TO THE INTERNET. THE NEW PASSWORD IS THE SAME I USE AT MY ->FULLRATE ACCOUNT PAGE<- MY VoIP SETTINGS RESETS WHEN CONNECT TO INTERNET - but i can configure it afterwards and it stays that way.

After all it makes sence, cause “Remote management” would be wide open for anyone, if the user doesnt changes to the password and just plug in the device. Took me ages to figure that out. Hope it saves you some time :D

Security Suggestions:
Change these horrific default settings!!!!

  • “The firewall is disabled”
  • “Allow Netbios over TCP/IP from WAN to LAN” is activated and hidden away in the advanced settings of the NAT routing part.
  • “The wireless network is activated”without password or encryption, but in case no encryption -> WPA with a standart hashkey 01234567 is used.
  • “Remote management” is activated on WAN and LAN for: WWW, Telnet, FTP, SNMP, DNS, ICMP

Connect to AP problem
I had trouble connecting with my laptop (XP prof. SP3) to the wireless AP. I read in different fora that it needed a newer network card driver, but it still didnt work for me.
It worked when i disabled the encryption on the router. I also got it to work, pretty unstable thou`, when I changed the wireless to: “Enable 802.11g+ mode” with Preamble on “dynamic” and 802.11 Mode to “802.11G only”

DMZ
It is helpfull to know that if you go in Firewall settings …
The default server, “feature” is the DMZ. Which should normally bypass all hardware firewall router settings…
It doesnt really say anywhere, that this is a DMZ server.

Port forwarding
In case you want to port forward, remember you need to forward the port and setup the firewall afterwards! (In case you enabled it)
In the “NAT” section, choose “port forward” in the top. Add IP and ports; preconfigured availableas fx. FTP service.
Go to “Security” section “Firewall”, choose “Rules” in the top, and add a rule for your newly created port forward. Again some are available as preconfigured.

This entry was posted in bash,shell,ssh,telnet, SystemSetup. Bookmark the permalink.

Leave a Reply