PtP 400 and 600 hidden pages or MAC editing?

Does anybody know if the Moto PtP400 and 600 have the hidden configuration pages like Canopy has/had?

I ask because I seem to remember you could change the MAC address on the canopy gear through one of the pages.

As I understand it, encryption in the PtP links costs extra via licensing, otherwise there is the motorola proprietary signal and MAC address for security.

Assuming there is a hidden configuration page, or some other way to alter the MAC address, is it possible for someone to basically initiate a man in the middle attack if he had a PtP link of his own by finding the MACs of the existing link and placing himself in between with the Altered radio MACs?

I know its far fetched, im not asking about probability, Im curious as to whether it is pssible.

I’m not nearby any of my equipment, but if I recall, ‘ifconfig’ existed as a command when telnet’d into the radios. With ifconfig, you can change your mac provided proper permission levels are met for modifying the device interface. Providing the ‘ifconfig’ tool is not stripped – as most of the tools via telnet are ‘stripped’…

To answer your question; sure, why not? Provided no encryption licenses are used I’m assuming…I’d suppose anything is possible. With 5G backhauls (Soekris/Atheros) I’ve created this exact scenario as a POC for the bosses.

Anyway, ifconfig <iface> hw ether <mac> …unlikely perms. are granted though.