Regarding the supervisor password from V18 onwards, I have had a flat refusal to provide it as they say it is for ZyXEL developers only. I am going to try to argue that since I own the router and do not want to allow anyone access that I do not have full control over. This effectively allows ZyXEL access to your router without you having control if you are foolish enough to open the WAN side.
Stuart
Their argument holds no authority. Firstly, how would their developers access **YOUR** device? If they did, that infers the pasword is *not* random but generated from some deterministic value. I would have assumed either the serial number of, more likely, MAC address. It makes some sense if they (or an ISP that owns/loans the device as CPE) needs to ensure the customer cannot corrupt or otherwise compromise the device. But for devices owned by you the password should be available.
As an aside, if you want to generate new passwords for /etc/passwd (which is a sym-link to /var/passwd) - works on-device as well as on a regular GNU/Linux PC:
openssl passwd -crypt -salt <salt> <password>
E.g (salt is first two characters of the password field):
cat /etc/passwd
supervisor:aOckvcOVkwRgM:0:0:Administrator:/:/bin/sh
nobody:c50G7APIa951c:99:99:nobody for ftp:/:/bin/false
admin:mTzCzri5uT0V.:100:1:Administrator:/:/bin/sh
So, for user "admin" with password "1234":
~ # openssl passwd -crypt -salt mT 1234
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
mTzCzri5uT0V.
What is worrying is that the supervisor password is also used for the "nobody" user which is used for FTP etc!
# the "supervisor" user:
~ # openssl passwd -crypt -salt aO 30eec8cf
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
aOckvcOVkwRgM
# the "nobody" user:
~ # openssl passwd -crypt -salt c5 30eec8cf
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
c50G7APIa951c
[code]