Alcatel ADSL-Ethernet bridge Vulnerabilities
Multiple vulnerabilities exist in the Alcatel Speed Touch ADSL "modem."
These vulnerabilities can allow an intruder to take complete control of
There is no way for the end user to disable these
A malicious attacker can:
- Render the device inaccessable
- Disable the device, temporarily or permanently (requiring return to the
- Install malicious code, such as a network sniffer for monitoring local LAN traffic or denial-of-service tools.
These vulnerabilities are the result of:
- A "backdoor" allowing access to the system without any authentication even if the user has changes passwords on the device
- A tftp server which (by definition) does not require authentication. This server can be used to discover and change passwords.
- Lack of integrity checking/authentication on firmware installs.
For more information, see this SDSC advisory
(Speed Touch is a trademark of Alcatel.)