(Vendor Describes Workaround) Re: ARESCOM NetDSL 800 Router Default Configuration Lets Remote Users Access the Telnet Management Port - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Device (Router/Bridge/Hub) > NetDSL Router

Vendors: ARESCOM, Inc.

(Vendor Describes Workaround) Re: ARESCOM NetDSL 800 Router Default Configuration Lets Remote Users Access the Telnet Management Port

SecurityTracker Alert ID: 1006000

SecurityTracker URL: http://securitytracker.com/id/1006000

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Jan 28 2003

Impact: Root access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 800

Description: A configuration vulnerability was reported in the ARESCOM NetDSL 800 router. A remote user can connect to the router without authenticating and reconfigure it.

It is reported that the default configuration of the NetDSL 800 router does not require authentication on the telnet management port. A remote user can gain access to the management console via telnet.

Impact: A remote user can gain management control of the router.

Solution: The vendor has indicated that the administrative username/password can be configured on the device or via the Windows GUI program. Once the password is configured, the device will require authentication for the telnet session. Also, the administrator can configure "ip filtering" on the Windows GUI program to prevent access from unauthorized IP addresses.

Vendor URL: www.arescom.com/New/Products%20Page/Stored%20Products%20Pages/NetDSL800U%20Page/NetDSL800U.htm (Links to External Site)

Cause: Access control error, Authentication error

Underlying OS:

Message History: This archive entry is a follow-up to the message listed below.

ARESCOM NetDSL 800 Router Default Configuration Lets Remote Users Access the Telnet Management Port

Source Message Contents

Date: Fri, 24 Jan 2003 17:22:04 -0500
Subject: Arescom workaround


The vendor has provided the following information:

"... the administrative username/password should be setup on the CPE. And
you can setup via Windows GUI program. Also it does require authentication
for telnet session after the administrative username/password being setup
and it does block unauthenticated telnet sessions.

Yes, there is one feature "ip filtering" you can setup under windows GUI
program as well to prevent unauthenticated access as well."

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC