SecurityTracker.com
Category:   Device (Router/Bridge/Hub)  >   NetDSL Router
Vendors:   ARESCOM, Inc.
ARESCOM NetDSL 800 Router Default Configuration Lets Remote Users Access the Telnet Management Port
SecurityTracker Alert ID:  1003496
SecurityTracker URL:  http://securitytracker.com/id/1003496
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Feb 9 2002
Impact:   Root access via network
Exploit Included:  Yes  
Version(s): 800
Description:   A configuration vulnerability was reported in the ARESCOM NetDSL 800 router. A remote user can connect to the router without authenticating and reconfigure it.

It is reported that the default configuration of the NetDSL 800 router does not require authentication on the telnet management port. A remote user can gain access to the management console via telnet.

Impact:   A remote user can gain management control of the router.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.arescom.com/New/Products%20Page/Stored%20Products%20Pages/NetDSL800U%20Page/NetDSL800U.htm
Cause:   Access control error, Authentication error
Underlying OS:  

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Vendor Describes Workaround) Re: ARESCOM NetDSL 800 Router Default Configuration Lets Remote Users Access the Telnet Management Port
The vendor has described a configuration solution.



 Source Message Contents

Date:  Fri, 8 Feb 2002 19:47:54 -0300
Subject:  arescom 800 authentification flaw


The Arescom NetDSL 800 by default does not have any kind of
authentication configured, allowing any intruder to log in, possibly
affecting the ADSL connection, or using it for their own purposes.
example:

[toor@c0ded]@[2]:(~)#telnet 20x.4x.1x.1x8
Trying 20x.4x.1x.1x8...
Connected to 20x.4x.1x.1x8.
Escape character is '^]'.

         ND1060VE-TFA Copyright by ARESCOM 2000


Login Success!
NetDSL>?

                     ******* Console Help Menu *******
Available Command:

add                add objects in talbe
connect          start the connection
delete             delete objects in table
disconnect      disconnect modem connection
help               display this menu again
quit                quit the system
reboot           reboot the router
reset              reset the configuration, and reboot
save              save the configuration
set                 set system parameters
show              display system status
test                system test
upgrade          upgrade the firmware via FTP, TFTP and XMODEM

NetDSL> (there are no such things as levels like in Ciscos, etc.)

 cheers
--
Science is built up of facts, as a house is with stones.  But a collection
of facts is no more a science than a heap of stones is a house.
		-- Jules Henri Poincaré


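The condition reported above (a command prompt presented before any credential challenge) can be checked offline against greeting bytes captured from the telnet ports of devices in your own inventory. The following is an added example, not part of the advisory or the vendor's software; the function names, the prompt heuristics and the AUTH capture are assumptions made for illustration.

```python
import re

IAC, SB, SE = 255, 250, 240
NEGOTIATE = {251, 252, 253, 254}  # WILL, WONT, DO, DONT: each takes one option byte

def strip_telnet_negotiation(raw: bytes) -> str:
    """Drop telnet IAC sequences so only the text a user would see remains."""
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] != IAC:
            out.append(raw[i])
            i += 1
        elif i + 1 >= len(raw):
            break                      # truncated capture
        elif raw[i + 1] == IAC:        # escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif raw[i + 1] in NEGOTIATE:
            i += 3
        elif raw[i + 1] == SB:         # subnegotiation runs to IAC SE
            end = raw.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                break
            i = end + 2
        else:
            i += 2                     # two-byte command such as IAC NOP
    return out.decode("latin-1")

# Heuristics (assumed, tune per fleet): a credential prompt ends in ':',
# a command prompt is a short line ending in '>', '#' or '$'.
CRED_PROMPT = re.compile(r"(?im)^\s*(login|username|password)\s*:")
SHELL_PROMPT = re.compile(r"(?m)^[ \t]*[\w.\-()@:~/ ]{1,40}[>#$][ \t]*$")

def classify_greeting(raw: bytes) -> str:
    """Classify what a telnet service sent before the client typed anything."""
    text = strip_telnet_negotiation(raw).replace("\r", "")
    cred = CRED_PROMPT.search(text)
    shell = SHELL_PROMPT.search(text)
    if shell and (cred is None or shell.start() < cred.start()):
        return "open-console"      # command prompt with no credential challenge
    if cred:
        return "auth-required"
    return "unknown"

# Constructed captures: the first reuses the banner text quoted in the report above.
OPEN = (b"\xff\xfb\x01\xff\xfb\x03\r\n   ND1060VE-TFA Copyright by ARESCOM 2000"
        b"\r\n\r\nLogin Success!\r\nNetDSL>")
AUTH = b"\xff\xfd\x18\r\nWelcome\r\nlogin: "

if __name__ == "__main__":
    for name, capture in (("OPEN", OPEN), ("AUTH", AUTH)):
        print(name, "->", classify_greeting(capture))
```

A result of "open-console" marks a device whose management port should be filtered from untrusted networks or reconfigured to require a password.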


Copyright 2013, SecurityGlobal.net LLC