cancel
Showing results for 
Search instead for 
Did you mean: 

ZYXEL NBG4604 supervisor password - unable to change - firmware?

flack
Dabbler
Posts: 23
Thanks: 2
Registered: ‎05-07-2007

ZYXEL NBG4604 supervisor password - unable to change - firmware?

I am trialling one of these routers - which I had configured as I thought, fairly securely  ....so a big thanks to a forum member for mentioning the 'supervisor' login on a separate thread  ....and for showing me the great big gaping hole in my security as I didn't know about this login!    It works on my router too...  with default password...  On checking the downloadable manual the details are on the front of that however...  Problem:  it isn't looking like I can change the default password for the 'supervisor'  login which is very worrying....  On this basis I don't think I will be continuing with it after the trial...    and thinking of swapping it out very soon in fact...
I did not get any screens  to prompt for a password change on initial login as admin which I used to set the router up, or as 'supervisor' - as mentioned in the product manual...  and I had some difficulty changing the standard  'admin' login password as it did not seem to want to accept the format the guidance said it should....  😞   
Anyone know, would the password change reminder screen be there after a factory reset or should I be looking for a firmware update??  The firmware version it says it is running is  V1.00(BWH.1)C0 ... 
15 REPLIES 15
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: ZYXEL NBG4604 supervisor password - unable to change - firmware?

This may help http://forums.thinkbroadband.com/fibre/t/4064818-re-recommended-fibre-router.html
Quote
to chnage supervisor password use save vconfig as .cfg file option and edit the text file before ftping back up
flack
Dabbler
Posts: 23
Thanks: 2
Registered: ‎05-07-2007

Re: ZYXEL NBG4604 supervisor password - unable to change - firmware?

Thanks for looking into this, much appreciated, but ftp with admin account does not appear to work - not accepting any password!  ...However, with supervisor account and ftp client, not browser, I could eventually  see an ftp root folder  ...which seemed empty.  Upgraded the firmware which was really easy as it happens, but still not got a solution and the ftp still does not work with admin account (even after disabling firewall etc).  There is now a default .cfg file that I can see in ftproot but it's not called vconfig.  Don't know if I have misunderstood.  This may have settings for supervisor account  - amongst many other things - not seen them as yet...    Is looking to me like I'd have to replace the default config with an altered one then revert to the amended 'default' settings to get supervisor password altered....  Backing up the config does not produce a text file.  Seems a bit too much hassle for something that seems to have been a known security issue they haven't fixed for well over a year at least.  This product may work but IMO it's not secure as it stands, on a LAN.....even if it can be protected from WAN access...  Beginning to wonder if this one is broken (as well!) in view of the ftp issues, and original issues in changing admin password.
kevhky
Dabbler
Posts: 24
Registered: ‎27-03-2012

Re: ZYXEL NBG4604 supervisor password - unable to change - firmware?

Hi
Did you manage to change the password as it certainly needs changing
What is the supervisor login details ill gove it a go
Surely it can be done
kevhky
Dabbler
Posts: 24
Registered: ‎27-03-2012

Re: ZYXEL NBG4604 supervisor password - unable to change - firmware?

OK  ive managed to change the Supervisor password
Google is your friend
:0)
ffox
Pro
Posts: 577
Thanks: 137
Registered: ‎08-06-2011

Re: ZYXEL NBG4604 supervisor password - unable to change - firmware?

@kevhky
How did you do it?
I can download the configuration file but when I try to upload, the router won't accept it (even unchanged!).
I've tried the ftp method but can't persuade Filezilla to connect to the Zyxel router.  I gather it has to be an active connection.  What settings do I need to put into the router?
kevhky
Dabbler
Posts: 24
Registered: ‎27-03-2012

Re: ZYXEL NBG4604 supervisor password - unable to change - firmware?

FTP method is the easiest
Your problem lies with FileZilla, download winSCP its another ftp prog, it will work with it
Kev
ffox
Pro
Posts: 577
Thanks: 137
Registered: ‎08-06-2011

Re: ZYXEL NBG4604 supervisor password - unable to change - firmware?

Yes, it works with WinSCP! Thanks. Smiley
kevhky
Dabbler
Posts: 24
Registered: ‎27-03-2012

Re: ZYXEL NBG4604 supervisor password - unable to change - firmware?

No Problem
Smiley Smiley Smiley Smiley Smiley Smiley
ffox
Pro
Posts: 577
Thanks: 137
Registered: ‎08-06-2011

Re: ZYXEL NBG4604 supervisor password - unable to change - firmware?

The change to the .cfg file has changed the supervisor password for the GUI, but ftp still needs "supervisor" to connect.
So is it any more secure now than it was before?  Undecided
kevhky
Dabbler
Posts: 24
Registered: ‎27-03-2012

Re: ZYXEL NBG4604 supervisor password - unable to change - firmware?

Mmmmmm good point....,  ill look into that
kevhky
Dabbler
Posts: 24
Registered: ‎27-03-2012

Re: ZYXEL NBG4604 supervisor password - unable to change - firmware?

Firewall rule FTP from the outside world
ffox
Pro
Posts: 577
Thanks: 137
Registered: ‎08-06-2011

Re: ZYXEL NBG4604 supervisor password - unable to change - firmware?

So the default (firewall enabled, zero rules set) should be safe?
kevhky
Dabbler
Posts: 24
Registered: ‎27-03-2012

Re: ZYXEL NBG4604 supervisor password - unable to change - firmware?

Enable firewall
Dont create an FTP rule
FTP wont get nowhere near your router
End of
:0)
flack
Dabbler
Posts: 23
Thanks: 2
Registered: ‎05-07-2007

Re: ZYXEL NBG4604 supervisor password - unable to change - firmware?

Thanks all, I've now managed to change the password then disabled my FTP firewall rule!  Cool  The router is actually turning in a pretty good performance so now this is sorted it is worth keeping on for a bit.......very disappointing that it was put on the market like that as it seems a good product (now)  and if there is ever a later firmware than the one I've just put on I hope they will do something about it in that...  Interestingly I could not see the original .cfg file via ftp to get it off the router, except very briefly after flashing the firmware.  Had to save it as a text file using router web interface, then after edit, on upload using winSCP FTP client, while I still could still not see it on the router, I was asked to overwrite the original file. The edited file then became visible.  (Yes I had been using Filezilla before, thanks for tip Smiley  )  So I am happy that eventually it has worked and it will not be an issue or problem for me to keep ftp disabled.