[原文]Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 and 520 and (2) Allied Data Technologies CopperJet 811 RouterPlus, allows remote attackers to access privileged information, such as user lists and configuration settings, via direct HTTP requests.
By default, JetSpeed ADSL Modems install with several default passwords. The web interface has a "intracom" account has a password of "123456" which is publicly known and documented. Additionally, a second account called "admin" exists which has a password of "admin". This allows attackers to trivially access the system.