|Published: 2001-04-10 00:00:00|
|Revised: 2008-09-05 16:26:31|
[Original] Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access.
[CNNVD] Alcatel Speed Touch ADSL modem firmware vulnerability (CNNVD-200104-003)
The Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password; remote attackers can gain unauthorized access.
- CVSS (base score)
- CPE (affected platforms and products)
|cpe:/h:alcatel:speed_touch_home:khdsaa.133||Alcatel Speed Touch Home KHDSAA,133|
|cpe:/h:alcatel:speed_touch_home:khdsaa.132||Alcatel Speed Touch Home KHDSAA,132|
|cpe:/h:alcatel:speed_touch_home:khdsaa.108||Alcatel Speed Touch Home KHDSAA,108|
|cpe:/h:alcatel:speed_touch_home:khdsaa.134||Alcatel Speed Touch Home KHDSAA,134|
- OVAL (technical details for detection)
(UNKNOWN) CERT-VN VU#212088
(UNKNOWN) CERT CA-2001-08
(PATCH) XF alcatel-blank-password(6335)
(UNKNOWN) BID 2568
(UNKNOWN) BUGTRAQ 20010410 multiple vulnerabilities in Alcatel Speed Touch DSL modems
(UNKNOWN) MISC http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html
|Alcatel Speed Touch ADSL modem firmware vulnerability|
|2001-04-10 00:00:00||2005-10-20 00:00:00|
|The Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password; remote attackers can gain unauthorized access.|
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue.
|Alcatel Speed Touch ADSL Modem Default Blank Password|
|Remote / Network Access||Authentication Management|
|Loss of Confidentiality, Loss of Integrity, Loss of Availability|
Unknown or Incomplete
|Currently, there are no known upgrades, patches, or workarounds available to correct this issue.|
|Alcatel Speed Touch ADSL Insecure Administration Interface Vulnerability|
|2001-04-10 12:00:00||2009-07-11 06:06:00|
|Discovered by Tsutomu Shimomura. Reported to bugtraq by Tom Perrine <tep@SDSC.EDU> on 10 Apr 2001|
|Alcatel Speed Touch Home KHDSAA.134
Alcatel Speed Touch Home KHDSAA.133
Alcatel Speed Touch Home KHDSAA.132
Alcatel Speed Touch Home KHDSAA.108
|In the factory shipped state, no password is set for the device's administration interface. This could permit a user to reconfigure the unit, or set the password and prevent the device from being reconfigured.
Once a password has been set, the device remains vulnerable to attack in two ways.
- TFTP: The device's TFTP service can be used to overwrite configuration files. This approach may allow an attacker to set or modify the administration password even if it has been previously set.
- Cryptographic attack: connecting to the "EXPERT" account initiates a challenge-response sequence which is reportedly vulnerable to cryptographic attack. Details of the challenge-response algorithm were not made publicly available.
The device's configuration settings are accessible through FTP, HTTP and Telnet interfaces. In addition, the device's file structure is exposed through FTP. All of these services allow the modification of configuration information.
By default, no password is set for any of these services, so no authentication is required for access.
*** NOTE: Shortly after this advisory was published, the vendor, Alcatel, posted their response to the reported vulnerabilities in their modems.
In addition to providing general mitigating strategies designed to lessen the impact of these issues (such as firewall software and/or a dedicated firewall device or the Alcatel Speed Touch modem with Firewall capabilities), the vendor response indicates that only the Speed Touch Pro is vulnerable to remote changes to firmware code and configuration settings. It also indicates that this model can be made secure from such interference by activating an inbuilt security feature that disables remote access from the WAN/DSL interface. Therefore, while the discoverer's initial advisory states that the entire family of devices may be vulnerable, the vendor limits the scope of this vulnerability to a single, misconfigured model of the Speed Touch line.
This discussion will be updated regularly as further details and clarification emerge.
Currently the SecurityFocus staff are not aware of any exploits for this issue.