While searching around for a solution to the Arris (modem) password of the day, I found out that these routers were being crawled by most common search engines. I found this out by doing the following Google query:
The quoted string comes from the default Arris login page, which looks something like this:
From this page you can access the default Xfinity Login page by doing the following:
1. Click the BASIC tab
2. Click the Xfinity tab (if present)
Upon clicking the Xfinity tab you will be redirected to the network’s external IP on open port 8080. Once you are on this page, it will ask you for the username and password.
All Xfinity routers come with the exact same login info.
Username: admin
Password: password
From here you can manage the “stranger’s” whole network and change all kinds of settings:
- Network configuration (LAN, Wireless, etc.)
- Connected Devices
- Port Forwarding (TCP/UDP) ==> The scary part
- DMZ
If you are lucky enough you might even be able to log in to the modem itself. Although this modem has a daily-changing password, it can be obtained only if the Arris modem is model TM602A or one of a few others. To generate this password use this generator:
This password could also get you access to SSH, Telnet, and others… (nmap the IP for more open ports)
I don’t know why ports 80 and 8080 are open to the public by default. I don’t think users are setting up these port forwards, for two reasons: they didn’t even bother to change the default admin password, AND the forwards don’t show up in the router’s configuration.
I tested this on my own IP and fortunately the ports weren’t open to the router, because I had my web server running on them, so requests never reached the Arris/Xfinity login page.
To protect yourself, change the default admin password for your Xfinity router and/or open port 80/8080 on some other device, so that outside requests never reach the router’s login page.
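
A way to repeat that test against your own connection, as an added example that is not part of the original post: it connects once to ports 80 and 8080 on an address you own and reports whether the router's login page or something else answers. The marker text is an assumption you supply from your own router's login page, the function names are hypothetical, and the check has to run from outside your LAN (for example over a mobile connection) to show what the internet sees.

```python
import socket
import sys

PORTS = (80, 8080)  # the two ports the post found reachable from the internet


def classify(response, markers):
    """Label raw bytes read from a port after a plain HTTP GET."""
    if not response.startswith(b"HTTP/"):
        return "open-no-http"        # something listens, but it is not plain HTTP
    text = response.decode("latin-1").lower()
    if any(m.lower() in text for m in markers):
        return "router-login"        # the admin page itself is what answers
    return "other-service"           # e.g. your own web server, as in the post


def probe(host, port, markers, timeout=3.0):
    """Connect once to host:port, send one GET and classify the reply."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"              # refused, filtered or timed out
    response = b""
    with sock:
        try:
            request = "GET / HTTP/1.0\r\nHost: %s\r\n\r\n" % host
            sock.sendall(request.encode("ascii"))
            while len(response) < 65536:   # cap how much is read
                chunk = sock.recv(4096)
                if not chunk:
                    break
                response += chunk
        except OSError:
            pass                     # keep whatever arrived before the error
    return classify(response, markers)


def audit(host, markers, ports=PORTS):
    """Check both ports on one address you own; returns {port: label}."""
    return {port: probe(host, port, markers) for port in ports}


if __name__ == "__main__":
    # usage: python3 check_exposure.py <your-external-ip> "<text from your router's login page>"
    my_ip, marker = sys.argv[1], sys.argv[2]
    for port, label in audit(my_ip, [marker]).items():
        print(f"{port}/tcp: {label}")
        if label == "router-login":
            print("  admin page is reachable from outside: change the default password")
```

A result of "closed" or "other-service" on both ports matches what the author saw on his own IP; "router-login" means the fix in the last paragraph still needs to be applied.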