Be Box CLI and security issues

An interesting insight into the Be Box, and how much functionality is lurking behind the simple face is what I found here, stating that the box is a dressed down version of a Speedtouch 780WL, and therefore much more capable than the web interface suggests.

This made me curious, and I did a google search on the topic, and I found a variety of CLI commands and some good explanations on the adsl2forum. Finally I took a look into the CLI reference for the 780WL, which the Be Box is based on. This does reveal the whole complexity of the commands that the little box offers.

So far so good. But careful readers of above links will also discover that there are a couple of weird security issues which are hidden in the default settings of the router. The services ftp, https and telnet are exposed to the WAN by default, and on top of that there are some users stored in the settings, which are not visible through the web interface:

_{Administrator}=>user list
User    Flags Role
----    ----- ----
Administrator   U Administrator
tech    R TechnicalSupport
BeTech     TechnicalSupport 

The suspicion that tech and BeTech always have the same password, so the Be guys can telnet into your router quietly, might not be to far off? This means that the door is open to an easy attack for everyone.

To anyone who's using the BeBox, I recommend to remove those users, change the Administrator password and, if not needed, disable the telnet, ftp and https services for the WAN. The easiest way to do this is exporting the settings to an ini file, edit them and then re-import them.