:: Deepquest ::

Verizon’s 4G LTE Network Extender is utilizing a weak default admin password generation algorithm. The password is generated using the last 4 values from device’s MAC address which is disclosed on the main webUI login page to an unauthenticated attacker. The values are then concatenated with the string LTEFemto resulting in something like LTEFemtoD080 as the default Admin password. Versions GA4.38 through 0.4.038.2131 are affected.