Alcatel ADSL Modem Unrestricted Remote Access

This script is Copyright (C) 2001-2011 Alert4Web.com


Synopsis :

The Alcatel modem can be accessed remotely.

Description :

On the Alcatel Speed Touch Pro ADSL modem, a protection mechanism
feature is available to ensure that nobody can gain remote access
to the modem (via the WAN/DSL interface). This mechanism guarantees
that nobody from outside your network can access the modem's
management interface and potentially change its settings.

The protection is currently not activated on your system.

In addition, access was gained without providing a password, which
is the default.

See also :

http://www.alcatel.com/consumer/dsl/security.htm

Solution :

Telnet to this modem and adjust the security settings as follows :

=> ip config firewalling on
=> config save

In addition, set a strong password on all accounts.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.1
(CVSS2#E:H/RL:W/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 10760 (alcatel_adsl_firewalling.nasl)

Bugtraq ID: 2568

CVE ID: CVE-2001-1424