CVE-2001-1426

Description

Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote attackers to change firmware versions or the device's configurations.

Affected products

alcatel / speed_touch_homekhdsaa.108 – khdsaa.108
alcatel / speed_touch_homekhdsaa.132 – khdsaa.132
alcatel / speed_touch_homekhdsaa.133 – khdsaa.133
alcatel / speed_touch_homekhdsaa.134 – khdsaa.134

References

MISChttp://www.securityfocus.com/bid/2566
MISChttp://www.kb.cert.org/vuls/id/490344
MISChttp://www.securityfocus.com/archive/1/175229
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/6336
VENDOR_ADVISORYhttp://www.cert.org/advisories/CA-2001-08.html