BenPru / luxtronik

Luxtronik integration for Home Assistant
MIT License

Root access to Luxtronik #236

Closed rcreate closed 4 months ago

rcreate commented 4 months ago

Not really an issue but a very interesting chance to get more details and opportunities. Today, I read an article on heise.de that for heatpumps below 2.88.3 (and other types, too) root access is possible. The password was leaked there. It is „eschi“. You can read the article here: https://www.heise.de/news/Waermepumpen-von-Alpha-Inntotec-und-Novelan-mit-hardkodiertem-Passwort-9618846.html

I thought you all would be interested to discover your devices and find out more hidden stuff. When I have time, I’ll do this, too.

Looking forward to the next update ;-)

rcreate commented 4 months ago

Btw… don’t make your heatpump accessible to the public! Can be dangerous and cold if someone destroys your device 😉

BenPru commented 4 months ago

Yes, you can get a root shell. But as far as I know, you don't need a password for this. The socket is also not password protected. So you should never forward your heatpump to the internet.

rseider-mbe commented 4 months ago

> Yes, you can get a root shell. But as far as I know, you don't need a password for this. The socket is also not password protected. So you should never forward your heatpump to the internet.

Hmm. In my case, I need the password to connect through ssh with user root. So, you know how to get into the shell, fine. And of course, I did not forward it ;)

BenPru commented 4 months ago

> you know how to get into the shell

But it was years ago that I tried it. So perhaps it is closed or changed in the current versions.