MidnightBSD

Advisories for alcatel

CVE-1999-1559 MEDIUM

Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the login prompt via a CTRL-D (control d) character, which locks other users out of the switch because it only supports one session at a time.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
alcatel omniswitch *
CVE-2001-1424 HIGH

Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
alcatel speed_touch_home khdsaa.133
alcatel speed_touch_home khdsaa.108
alcatel speed_touch_home khdsaa.132
alcatel speed_touch_home khdsaa.134
CVE-2001-1425 HIGH

The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote attackers to gain privileges by directly computing the response based on information that is provided by the device during login.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
alcatel speed_touch_home khdsaa.133
alcatel speed_touch_home khdsaa.108
alcatel speed_touch_home khdsaa.132
alcatel speed_touch_home khdsaa.134
CVE-2001-1426 HIGH

Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote attackers to change firmware versions or the device's configurations.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
alcatel speed_touch_home khdsaa.133
alcatel speed_touch_home khdsaa.108
alcatel speed_touch_home khdsaa.132
alcatel speed_touch_home khdsaa.134
CVE-2001-1484 HIGH

Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
alcatel adsl_modem_1000 *
alcatel speed_touch_adsl_modem home
CVE-2002-0119 MEDIUM

Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a denial of service (reboot) via a network scan with unusual packets, such as nmap with OS detection.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
alcatel speed_touch_home -
CVE-2002-1272 HIGH

Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
alcatel aos 5.1.1
CVE-2004-2377 MEDIUM

Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
alcatel omniswitch 7000
alcatel omniswitch_7800 *
CVE-2011-4505 HIGH

The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,

Products Affected

Vendor Product Version
alcatel speedtouch_5x6_router_firmware *
alcatel speedtouch_5x6_router *
CVE-2018-6597 HIGH

The Alcatel A30 device with a build fingerprint of TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-keys contains a hidden privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB. Modifying the read-only properties by an app as the system user creates a UNIX domain socket named factory_test that will execute commands as the root user by processes that have privilege to access it (as per the SELinux rules that the vendor controls).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
alcatel a30_firmware 7.0