The Lantronix SCS1620: An Unpublished Gold Mine

by JK

This article is a simple no-sense rundown of the defaults and specifications of the Lantronix SCS1620.  It is used all over the place, including one of the nation's biggest chains of banks, as well as in several universities.  It is surprisingly common to come across systems that have been put on a network (especially headless one) and not configured at all.  Hopefully administrators who use these devices will realize that with the publicly available information below, their network could be penetrated easily, and subsequently computers that hold important financial information could be compromised.  No one wants to see their bank account emptied as a result of negligent administration.

The SCS1620 from Lantronix is a very cool device.  It has sixteen RS-232 serial ports on the back so you can control devices (primarily computers) with ease.  Beyond that, it is a pizza-box shaped Red Hat Linux box with a 128 MB memory card, a two-row LCD on the front, and optional modem module for dial-up access, a 10/100 Ethernet port to put it on the network, a terminal interface direct COMM access, and a PCU8 port to connect to the Lantronix PCU8 power manager.

The default banner is simply "SCS1620".

The default communication parameters for the terminal and device ports are as follows: 9600 baud, 8 data bits, 1 stop bit, no parity (9600 8N1), XON/XOFF flow control, port-type of DCE.  The modem port's default parameters are for the modem port are the same, except with a baud rate of 38,400 bps and RTS/CTS flow control.  The power management port (PCU8) has the same defaults as the terminal and device ports, except the port type is DTE.  The device and PCU8 ports can be configured for baud rates of 2.4 - 115.2 kbps, and as DTE or DCE.

By default, the only user that can log in "sysadmin" (default password "PASS").  Once inside, you can change various settings or go into what they call root mode (simply a shell) by typing "bash".  From there you can "su" and the default password is "root",  As sysadmin or root, you can write Perl scripts.

So admins, when you take the SCS1620 out of the box, don't just plug it into the network and be glad it works.  Configure it (type "setup")!  If properly configured however, the SCS1620 offers excellent security and incredible functionality.

If you happen to be inside one of these boxes for whatever reason, here is a list of commands to try out (the obvious ones have no explanation, just Google it!).

adduser
alias
cat
clear
deluser
direct - Direct mode on (for device communication)
dtedce - Configure device port type
editbrk - Edit user "send break"
sequence
editdev - Edit device settings
editesc - Edit escape sequence
edituser - Edit user settings
exit - Deselect a port
help - Show help
info - Show system information
less
listdev - List device names
listen - Listen on a port
listusers
logout
man
passwd
oweroff
reboot
save - Save programming changes
select - Select a port
scp - Secure copy
setup - Use the initially configure the SCS1620
sftp
ssh
ssh keygen
telnet
timeout - Set timeout times
version - Show version info
install_modem

Remember, there is nothing wrong with exploration.  Don't abuse your situation and give us hackers a bad name, but don't be afraid to look around some computer systems.

Shout Outs: DS, SW, JCH, HJ, AP, LB, etc.

Return to $2600 Index