| VID |
29092 |
| Severity |
40 |
| Port |
23 |
| Protocol |
TCP |
| Class |
Telnet |
| Detailed Description |
The target Alcatel ADSL modem has no password set.
Alcatel Asymmetric Digital Subscriber Line (ADSL) modems are shipped with blank passwords. A remote attacker could gain read or write privileges to the configuration file to take control over the device using Telnet or HTTP. The attacker could use this weakness to gain unauthorized access to your modem and then reconfigure the modem. In the case of TELNET and HTTP, this vulnerability grants the attacker read and write access to device configuration. For FTP, this vulnerability allows the attacker to browse the file structure of the affected device.
* References:
http://www.alcatel.com/consumer/dsl/security.htm
http://www.cert.org/advisories/CA-2001-08.html
http://archives.neohapsis.com/archives/bugtraq/2001-04/0142.html
https://www.kb.cert.org/vuls/id/212088
http://security.sdsc.edu/self-help/alcatel/
http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html
* Platforms Affected:
Alcatel ADSL Network Termination Device 1000
Alcatel Speed Touch ADSL modem Home |
| Recommendation |
Telnet to the passwordless modem and set a password for the Alcatel ADSL modem immediately.
Contact your vendor for more details. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
6335 (ISS) |
|
