Which tactic is commonly used in red teaming to gain access to devices such as modems?

The main idea is gaining initial access by exploiting credentials on device management interfaces. Many modems and similar network devices expose web or other login portals for administration, and they often ship with default or weak credentials that users don’t change. In a red team, enumerating these devices and attempting common usernames and passwords can quickly unlock admin access, giving a foothold to explore configurations, modify settings, or pivot into the broader network. This approach is practical and reliable for this kind of target, especially when devices are exposed to the network or poorly secured. Other options don’t fit as well. Social engineering alone can help obtain credentials but isn’t as consistently effective for directly accessing a device’s admin interface. Automated patch deployment is a defensive action, not a method for breaking in. Denial of service aims to disrupt services rather than grant access to the device.