Vulnerabilities > CVE-2001-1424 - Unspecified vulnerability in Alcatel Speed Touch Home

047910
CVSS 7.5 - HIGH (CVSS v2 base score)
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
alcatel
nessus

Summary

Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access.

Nessus

  • NASL family: Misc.
    NASL id: ALCATEL_ADSL.NASL
    description: The remote Alcatel ADSL modem has no password set. An attacker could telnet to this modem and reconfigure it to lock you out. This could prevent you from using your Internet connection.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 10530
    published: 2000-10-08
    reporter: This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/10530
    title: Alcatel ADSL Modem Unpassworded Access
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    if (description)
    {
      # Metadata pass: this branch only registers the plugin's identity, text and
      # scheduling hints, then exits before any network traffic is generated.
      script_id(10530);
      script_cve_id("CVE-2001-1424");
      script_bugtraq_id(2568);
      script_version("1.16");
      script_name(english:"Alcatel ADSL Modem Unpassworded Access");
      script_summary(english:"Logs into the remote Alcatel ADSL modem");

      # Report text shown to the operator. The string literals span several
      # lines, so their line breaks and spacing are part of the reported text.
      script_set_attribute(attribute:"synopsis", value:
    "The remote modem has an account with no password set.");
      script_set_attribute(attribute:"description", value:
    "The remote Alcatel ADSL modem has no password set.
    
    An attacker could telnet to this modem and reconfigure it to lock 
    you out. This could prevent you from using your Internet connection.");
      script_set_attribute(attribute:"solution", value:
    "Telnet to this modem and set a strong password immediately.");

      # CVSS v2 base vector: reachable over the network, low access complexity,
      # no authentication, partial impact on confidentiality, integrity and
      # availability. Temporal vector: exploit unproven, official fix, confirmed.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_publication_date", value:"2000/10/08");
      script_set_attribute(attribute:"vuln_publication_date", value:"2001/04/11");
      script_cvs_date("Date: 2018/06/27 18:42:25");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_end_attributes();

      # Registered as information gathering. Note that the check body still
      # completes a login with an empty password on the target.
      script_category(ACT_GATHER_INFO);

      script_copyright(english:"This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.");
      script_family(english:"Misc.");

      # Telnet (TCP/23) is the only port this plugin depends on.
      script_require_ports(23);

      exit(0);
    }
    
    # Alcatel's ADSL modem telnet module cannot bind to any other port, so the
    # check is fixed to TCP/23.
    port = 23;

    # Nothing to test if the port is not open or the connection fails.
    if (!get_port_state(port)) exit(0);

    soc = open_sock_tcp(port);
    if (!soc) exit(0);

    # Read the first bytes sent by the service and look for the login prompt.
    banner = recv(socket:soc, length:160);
    if ("User : " >< banner)
    {
      # Answer the prompt with an empty line, i.e. no user name or password.
      send(socket:soc, data:string("\r\n"));
      reply = recv(socket:soc, length:2048);

      # The device banner after an empty login means the session was accepted
      # without credentials. The match is a substring test on two fixed strings,
      # so a device that words its prompt or banner differently is not flagged;
      # a clean result is not proof that a password is set.
      if ("ALCATEL ADSL" >< reply) security_hole(port);
    }
    close(soc);
    
  • NASL family: Misc.
    NASL id: ALCATEL_ADSL_FIREWALLING.NASL
    description: On the Alcatel Speed Touch Pro ADSL modem, a protection mechanism feature is available to ensure that nobody can gain remote access to the modem (via the WAN/DSL interface). This mechanism guarantees that nobody from outside your network can access the modem's management interface and potentially change its settings.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 10760
    published: 2001-09-14
    reporter: This script is Copyright (C) 2001-2018 Alert4Web.com
    source: https://www.tenable.com/plugins/nessus/10760
    title: Alcatel ADSL Modem Unrestricted Remote Access
    code
    #
    # This script was written by Georges Dagousset <[email protected]>
    #
    # See the Nessus Scripts License for details
    #
    # Changes by Tenable:
    # - Revised plugin title, fixed VDB refs, enhanced description (1/28/2009)
    
    
    include("compat.inc");
    
    if (description)
    {
      # Metadata pass: this branch only registers the plugin's identity, text and
      # scheduling hints, then exits before any network traffic is generated.
      script_id(10760);
      script_version("1.23");

      script_cve_id("CVE-2001-1424");
      script_bugtraq_id(2568);

      script_name(english:"Alcatel ADSL Modem Unrestricted Remote Access");

      # Report text shown to the operator. The string literals span several
      # lines, so their line breaks and spacing are part of the reported text.
      script_set_attribute(attribute:"synopsis", value:
    "The Alcatel modem can be accessed remotely.");
      script_set_attribute(attribute:"description", value:
    "On the Alcatel Speed Touch Pro ADSL modem, a protection mechanism 
    feature is available to ensure that nobody can gain remote access 
    to the modem (via the WAN/DSL interface). This mechanism guarantees 
    that nobody from outside your network can access the modem's 
    management interface and potentially change its settings.
    
    The protection is currently not activated on your system.
    
    In addition, access was gained without providing a password, which
    is the default.");
      # The remediation has two parts: enable the firewalling option and set
      # passwords, since the check only fires after a password-less login.
      script_set_attribute(attribute:"solution", value:
    "Telnet to this modem and adjust the security settings as follows :
    
      => ip config firewalling on
      => config save 
    
    In addition, set a strong password on all accounts.");

      # CVSS v2 base vector: reachable over the network, low access complexity,
      # no authentication, partial impact on confidentiality, integrity and
      # availability. Temporal vector: exploit unproven, official fix, confirmed.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"see_also", value:"http://www.alcatel.com/consumer/dsl/security.htm");

      script_set_attribute(attribute:"plugin_publication_date", value:"2001/09/14");
      script_set_attribute(attribute:"vuln_publication_date", value:"2001/04/11");
      script_cvs_date("Date: 2018/06/27 18:42:25");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_end_attributes();

      script_summary(english:"Checks Alcatel ADSL modem protection");

      # Registered as information gathering. Note that the check body still
      # completes a login with an empty password and issues one command.
      script_category(ACT_GATHER_INFO);

      script_copyright(english:"This script is Copyright (C) 2001-2018 Alert4Web.com");
      script_family(english:"Misc.");

      # Telnet (TCP/23) is the only port this plugin depends on.
      script_require_ports(23);

      exit(0);
    }
    
    include('global_settings.inc');
    
    # Scope gate: unless thorough tests are enabled, only hosts whose address
    # starts with 10.0.0. are probed. Modems at any other address are skipped
    # in a default scan, so a clean result there says nothing about them.
    # NOTE(review): presumably 10.0.0.x is the modem's default LAN range - confirm.
    if (!(thorough_tests || ereg(pattern:"^10\.0\.0\..*", string:get_host_ip()))) exit(0);

    # Alcatel's ADSL modem telnet module cannot bind to any other port, so the
    # check is fixed to TCP/23.
    port = 23;

    # Nothing to test if the port is not open or the connection fails.
    if (!get_port_state(port)) exit(0);

    soc = open_sock_tcp(port);
    if (!soc) exit(0);

    # Read the first bytes sent by the service and look for the login prompt.
    banner = recv(socket:soc, length:160);
    if ("User : " >< banner)
    {
      # Answer the prompt with an empty line, i.e. no user name or password.
      send(socket:soc, data:string("\r\n"));
      reply = recv(socket:soc, length:2048);

      # Only continue when the device banner shows the empty login was accepted.
      if ("ALCATEL ADSL" >< reply)
      {
        # Query the IP configuration and look for the firewalling state in the
        # output. The finding is raised only when it reads "Firewalling off".
        send(socket:soc, data:string("ip config\r\n"));
        cfg = recv(socket:soc, length:2048);
        if ("Firewalling off" >< cfg) security_hole(port);
      }
    }
    close(soc);