Multiple Vulnerabilities in Alcatel ADSL Modems
Vulnerabilities have become apparent in several of Alcatel's modems. These models are the Alcatel Speed Touch Home ADSL Modem and the (discontinued) Alcatel 1000 ADSL Network Termination Device (used by BT in their ADSL trials last year).
This, fortunately, does NOT affect the Alcatel Speed Touch USB modem as provided by BT(ignite), as some people may fear. However, BT do provide the Speed Touch Pro for Homechoice customers, but I believe access to the modems is limited. For those interested, or those who have invested in a Speed Touch Home modem, the vulnerabilities are as follows:
VU#211736 - Alcatel ADSL modems grant unauthenticated TFTP access via Bounce Attacks
VU#243592 - Alcatel ADSL modems provide EXPERT administrative account with an easily reversible encrypted password
VU#212088 - Alcatel ADSL modems contain a null default password
VU#490344 - Alcatel ADSL modems provide unauthenticated TFTP access via physical access to the WAN interface
The impact of these is that a remote attacker may be able to gain access to the modem and change its settings. More information about this is available from the SDSC (San Diego Supercomputer Center).
There are several suggested solutions to these vulnerabilities, as the full CERT document explains. I also recommend checking the original SDSC document, which suggests that the Alcatel Speed Touch Pro modem may also be vulnerable. Alcatel have issued a press release. Please note that this is not related to the new drivers for the Speed Touch USB modem.
If you have any queries, please feel free to e-mail me or post to our message boards.
Thanks to Dirk and an Anonymous user on our message boards, who brought this to our attention. (seb: .. and the other couple of people who forwarded the CERT notice too..)