[原文]The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain access.
Micronet SP916BM routers contain a flaw that may allow a local attacker gain access. When the device is powered off, the password for the account "admin" is reset to its default, "admin". It is possible to power cycle the device and then log into the web management interface (which is only accessible via the same subnet as the router, unless the administrator has explicitly enabled logins from other subnets) with administrative privileges.
Upgrade to firmware version 1.9 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Change the default password upon installation. This would require the attacker to know the previously used admin password.