"We didn’t disable the local admin login, it was easier for on-site troubleshooting."
COMPANY
Sector: Education
Size: 500 students
Location: Flanders
FACTS & FIGURES
WiFi access point left with local admin account active
No central monitoring
Business Impact: Intruder gained full WiFi control
STORY
At a secondary school in Antwerp, the IT staff installed new WiFi antennas to expand coverage. For convenience, they left the local admin account active with a simple password, assuming it would only be used in emergencies. During a school event, a visitor with basic technical knowledge scanned the wireless environment and discovered the management SSID. Using the default credentials, they logged into the antenna interface and changed key settings. Suddenly, teachers and students lost connection, and the intruder redirected network traffic through malicious DNS servers, exposing sensitive communications.
INCIDENT OVERVIEW
Local admin accounts on WiFi access point are meant for installation, not daily use. When left enabled, they bypass centralized authentication, logging, and monitoring. Attackers know that many organizations leave them active and will probe for management SSIDs or weak credentials. In this case, the convenience of “keeping it simple” allowed a visitor to seize control of the entire wireless network. Once inside, attackers can intercept traffic, redirect users, and even pivot into other systems, making what looks like a small shortcut a systemic weakness.
BUSINESS IMPACT
Unauthorized network reconfiguration
Student data exposed
Teaching disruptions due to unstable Wi-Fi
Risk of lateral movement to admin systems
SECURITY MEASURES
Disable all local logins on Wi-Fi antennas
Use centralized RADIUS authentication
Enforce WPA3 Enterprise with certificate-based auth
Regularly audit Wi-Fi infrastructure
RESOURCES
NIST - Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i
CISCO - Meraki Wireless for Enterprise Best Practices - Security