crunch <min-len> <max-len> [charset] -o [output-file]
Include popular weak passwords (123456, password, etc.).
: Regularly check the router's logs for unknown IP addresses or failed login attempts. zte router wordlist
RouterSploit's creds/routers/zte/ftp_default_creds module performs a against ZTE routers' FTP services using a built-in wordlist of known default credentials.
Note: This should only be performed on your own equipment. Note: This should only be performed on your own equipment
| ZTE Model | Username | Password | Source / Notes | | ----------------------- | ----------------- | ---------------------- | --------------------------------------------- | | | admin | admin | Most common default | | ZXV10 H208L | admin | admin | Standard admin access | | H108N V2.1 | 1234 | 1234 | Super user account | | MF65 | (blank) | smartbro | ISP-specific credentials | | MF286R | Root | mbl_2019_SoL | Case-sensitive, used for exploits | | ZXV10 W300 (Telnet) | admin | (MAC-based) | Hardcoded password (see below) | | 831CII | admin | admin | Telnet provides root shell | | Various Models | (varies) | (varies) | Check device label for exact value |
This command generates a simple wordlist of 10,000 passwords in the format ZTE0000 to ZTE9999 , which is a feasible size for targeted testing. This technique directly mirrors how attackers approach routers with deterministic password generation. ISPs periodically roll out firmware patches that update
ISPs periodically roll out firmware patches that update password generation algorithms, fix security exploits, and close backdoors. Check your router's management page regularly for updates. Legal and Ethical Disclaimer
Many ZTE routers have default usernames like "admin" and passwords that can range from "admin" to more specific codes. These are often documented online and can be part of a wordlist.
Most routers ship with a unique default Wi-Fi Protected Access (WPA/WPA2/WPA3) passphrase and a standard administration password. Rather than being completely random, many legacy and current ZTE router models generate these default keys using specific algorithms linked to the hardware's unique identifiers. The Role of MAC Addresses and Serial Numbers
| Username | Password | Notes / Typical Models | |---|---|---| | 1admin0 | ltecl4r0 | ~10% of ZTE models use this less common combination | | ZXDSL | ZXDSL | ~10% of ZTE DSL routers; older ZXDSL series models (ZXDSL 831D, etc.) | | instalador | wwzz2233 | Installer-level access—used by F660 series in some regions | | adminpldt | HL1EU9804BKjTa6734uP370 | Specific to PLDT-customized F670L routers | | user | Haiku_user1 | Used by H1600 series with user-level access | | blank | 1234 | Used by some models (e.g., DNA Mokkula 4G MF920V)—note blank username | | blank | attadmin | AT&T-customized models—blank username, attadmin as password (e.g., MF279) | | Admin | blank | H369A models with blank password field |