Enjoyed this write-up, but most of the exploration seemed to be facilitated by someone having already leaked the CLI root password online. Anyone have suggestions on how you might otherwise obtain that information?
Hi, OP here, actually it's not true. Think the scenario as this: you don't have the CLI root password, you just do a MitM attack and learn about root password when your ISP attempts to change it. This applies my situation, also I could learn about the default password just by looking into the firmware.
