Default router passwords represent a critical point of vulnerability in private and enterprise networks. When routers are shipped from manufacturers, they typically include preset administrative credentials used to access the web-based management interface. These credentials, if unchanged, can be easily exploited by malicious actors, leading to unauthorized network access, DNS hijacking, or full administrative takeover. This article provides a detailed technical overview of default router passwords, security implications, and a curated list of default usernames and passwords by major manufacturers.

Default credentials are set at the factory to allow initial access to a device for configuration. These are often printed on a label affixed to the router or included in documentation. In older devices, credentials are universal across a product line (e.g., admin/admin), while newer models may generate randomized credentials unique to each unit.

Common default purposes include:

• Access to the web-based GUI (HTTP/HTTPS interface)
• Authentication for SSH, Telnet, or console access
• Access to device APIs or TR-069 remote management

Changing the default password is a critical first step in securing any router or gateway device.

What if you don’t change the default password ?

If a router’s default password remains unchanged:

• Attackers can use credential dictionaries to gain access.
• DNS settings can be altered to redirect traffic.
• Port forwarding can be abused to expose internal services.
• Routers can be hijacked as botnet members (e.g., Mirai).
• Configuration changes can expose sensitive internal infrastructure.

These risks are amplified if remote management is enabled, allowing attackers to reach the interface over the internet.

To protect routers from password-based compromise:

• Immediately change the default administrative password upon installation.
• Use complex, unique passwords (minimum 12 characters with alphanumeric and special symbols).
• Disable remote administration unless secured with VPN or IP whitelisting.
• Restrict management access to specific IPs or VLANs.
• Keep firmware up to date to close known security holes.
• Audit device settings periodically for unauthorized changes.

Common Default Router Usernames and Password

Below is a concise reference list of default usernames and passwords for popular router manufacturers. Note that some devices may vary by model or firmware version. Always verify against the router’s label or official documentation.

Dynamic vs Static Default Credentials

There are two main types of default credentials:

• Static (universal): Same for all devices of a model or brand (e.g., admin/admin).
• Dynamic (unique per device): Printed on the router label, often a long alphanumeric string (e.g., admin / A1B2C3D4E5).

Newer devices, particularly from ISPs, are increasingly adopting unique default passwords to mitigate large-scale attacks. However, these still require change, as they are not always sufficiently complex.