upvote
I was deeply alarmed when I figured out ISPs had effortless remote access to the routers and consequently to my LAN. Now they just provide me an ONT which terminates their fiber and connects into my own hardened GL.iNet router running OpenWRT.
reply
If you're accusing CERT of hypocrisy, what's an example of the second case?
reply
I'll do better than a second case, here's three:

Barracuda Networks: https://krebsonsecurity.com/2013/01/backdoors-found-in-barra...

Fortinet: https://community.spiceworks.com/t/hard-coded-password-backd...

Korenix: https://sec-consult.com/vulnerability-lab/advisory/backdoor-...

The fact that the password is "rzadmin" makes it a lot more likely that this is just run of the mill stupidity, and not something more nefarious: you'd want a backdoor that isn't blindingly obvious and usable by the CIA.

reply