Alcatel ADSL Modem Unrestricted Remote Access

high Nessus Plugin ID 10760

Synopsis

The Alcatel modem can be accessed remotely.

Description

On the Alcatel Speed Touch Pro ADSL modem, a protection mechanism feature is available to ensure that nobody can gain remote access to the modem (via the WAN/DSL interface). This mechanism guarantees that nobody from outside your network can access the modem's management interface and potentially change its settings.

The protection is currently not activated on your system.

In addition, access was gained without providing a password, which is the default.

Solution

Telnet to this modem and adjust the security settings as follows :

=> ip config firewalling on => config save

In addition, set a strong password on all accounts.

See Also

http://www.alcatel.com/consumer/dsl/security.htm

Plugin Details

Severity: High

ID: 10760

File Name: alcatel_adsl_firewalling.nasl

Version: 1.24

Type: remote

Family: Misc.

Published: 9/14/2001

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 4/11/2001

Reference Information

CVE: CVE-2001-1424

BID: 2568