[10211] in bugtraq
aDSL routers
daemon@ATHENA.MIT.EDU (David Brumley)
Wed Apr 14 14:03:47 1999
Date: Tue, 13 Apr 1999 23:01:50 -0700
Reply-To: David Brumley <dbrumley@GOJU.STANFORD.EDU>
From: David Brumley <dbrumley@GOJU.STANFORD.EDU>
To: BUGTRAQ@NETSPACE.ORG
Welp, aDSL is here. And at least one manufacturer, flowpoint, sets no
admin password. It's in the documentation, so I assume the
company already knows about this vulnerability:) System managers
who have aDSL access often overlook this, so I thought I'd point it out.
A quick fix: disable telnet access to all of your aDSL router IP's.
Better fix: set an admin password.
Version tested:
FlowPoint/2000 ADSL Router
FlowPoint-2000 BOOT/POST V4.0.2 (18-Mar-98 12:00)
Software version v1.4.5 built Tue Aug 11 23:20:20 PDT 1998
Cheers,
-db
