Cisco's discovered that its Mobility Express Software, shipped with Aironet 1830 Series and 1850 Series access points, has a hard-coded admin-level SSH password.
The default credentials open affected devices to remote exploitation if an attacker has “layer 3 connectivity to an affected device”.
The bug is in access points running “an 8.2.x release of Cisco Mobility Express Software prior to Release 22.214.171.124, regardless of whether the device is configured as a master, subordinate, or standalone access point”.
Switchzilla's advisory adds that “this advisory is part of a collection” for the Aironet 1830/1850 series.
Also strutting the catwalk in the Aironet Spring Catalogue:
Patches are available to fix up these design blunders. ®