alcatel software vulnerabilities
vulnerabilities.aspcode.net
Searching alcatel software vulnerabilities
Alcatel Speed Touch ADSL modem running firmware
unauthorized
|
KHDSAA132
|
KHDSAA108
|
KHDSBA133
|
attackers
|
KHDSAA134
|
password
|
firmware
|
default
|
Alcatel
|
running
|
remote
|
allows
|
access
|
Speed
|
which
|
blank
|
Touch
|
modem
|
gain
|
ADSL
|
has
|
Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access.
The challenge-response authentication of the EX
challenge-response
|
authentication
|
information
|
privileges
|
KHDSAA134
|
KHDSAA132
|
KHDSAA108
|
attackers
|
computing
|
directly
|
response
|
provided
|
firmware
|
Alcatel
|
through
|
running
|
during
|
device
|
allows
|
EXPERT
|
remote
|
Speed
|
login
|
based
|
Touch
|
gain
|
user
|
The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote attackers to gain privileges by directly computing the response based on information that is provided by the device during login.
Alcatel Speed Touch running firmware KHDSAA.108
configurations
|
KHDSAA132
|
KHDSAA108
|
KHDSAA134
|
attackers
|
versions
|
password
|
device's
|
firmware
|
without
|
running
|
through
|
Alcatel
|
remote
|
change
|
allows
|
server
|
Speed
|
which
|
Touch
|
TFTP
|
has
|
Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote attackers to change firmware versions or the device's configurations.
Alcatel ADSL modems allow remote attackers to a
attackers
|
Transfer
|
Protocol
|
Alcatel
|
Trivial
|
modems
|
access
|
remote
|
allow
|
ADSL
|
File
|
Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication.
Alcatel Speed Touch Home ADSL Modem allows remo
attackers
|
service
|
Alcatel
|
remote
|
denial
|
allows
|
cause
|
Touch
|
Speed
|
Modem
|
ADSL
|
Home
|
Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a denial of service (reboot) via a network scan with unusual packets, such as nmap with OS detection.
Alcatel 4400 installs the /chetc/shutdown comma
Alcatel
|
Alcatel 4400 installs the /chetc/shutdown command with setgid privileges, which allows many different local users to shut down the system.
Alcatel OmniPCX 4400 installs files with world-
OmniPCX
|
Alcatel
|
Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges.
Alcatel OmniPCX 4400 installs known user accoun
OmniPCX
|
Alcatel
|
Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access.
The Session Initiation Protocol (SIP) implement
Initiation
|
Protocol
|
Session
|
The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
Alcatel OmniSwitch 7000 and 7800 allows remote
OmniSwitch
|
Alcatel
|
Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled.
Heap-based buffer overflow in the management in
management
|
interfaces
|
Heap-based
|
overflow
|
buffer
|
Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings.
The (1) Aruba Mobility Controllers 200, 600, 24
The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN.
Integer overflow in the envwrite function in th
Alcatel-Lucent
|
demonstrated
|
addresses
|
overwrite
|
argument
|
function
|
envwrite
|
overflow
|
certain
|
Integer
|
memory
|
allows
|
kernel
|
large
|
users
|
local
|
Labs
|
Bell
|
Plan
|
via
|
Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the devpermcheck function grant unrestricted device permissions.
Alcatel-Lucent Lucent Technologies voice mail s
Identification
|
Alcatel-Lucent
|
Technologies
|
reconfigure
|
attackers
|
mailboxes
|
retrieve
|
messages
|
spoofing
|
Calling
|
systems
|
Number
|
Lucent
|
remove
|
remote
|
voice
|
allow
|
mail
|
Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).
Alcatel-Lucent IP-Touch Telephone running OmniP
Alcatel-Lucent
|
daisy-chained
|
Enterprise
|
attackers
|
Telephone
|
IP-Touch
|
default
|
systems
|
enables
|
OmniPCX
|
running
|
access
|
allows
|
switch
|
voice
|
later
|
which
|
VLAN
|
mini
|
gain
|
via
|
Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems.
masterCGI in the Unified Maintenance Tool in Al
metacharacters
|
Communication
|
Maintenance
|
Enterprise
|
masterCGI
|
parameter
|
arbitrary
|
attackers
|
commands
|
earlier
|
OmniPCX
|
Alcatel
|
execute
|
Unified
|
action
|
during
|
allows
|
Server
|
remote
|
shell
|
Tool
|
ping
|
user
|
via
|
R71
|
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
The Thomson/Alcatel SpeedTouch 7G router, as us
Thomson/Alcatel
|
authentication
|
administrative
|
unspecified
|
SpeedTouch
|
involving
|
attackers
|
intranet
|
probably
|
vectors
|
session
|
access
|
remote
|
allows
|
router
|
bypass
|
port
|
HTTP
|
Home
|
gain
|
used
|
via
|
Hub
|
The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub, allows remote attackers on an intranet to bypass authentication and gain administrative access via unspecified vectors, probably involving an HTTP session on port 80. NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues.
Multiple cross-site request forgery (CSRF) vuln
cross-site
|
Multiple
|
forgery
|
request
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an inbound remote-assistance HTTPS session on TCP port 51003. NOTE: an authentication bypass can be leveraged to exploit this in the absence of an existing administrative session. NOTE: SpeedTouch 780 might also be affected by some of these issues.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Software vulnerabilities results 1 to 20 of 20
Page:
1
2
►