CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
89.7%
Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote attackers to change firmware versions or the device’s configurations.
Vendor | Product | Version | CPE |
---|---|---|---|
alcatel | speed_touch_home | khdsaa.108 | cpe:2.3:h:alcatel:speed_touch_home:khdsaa.108:*:*:*:*:*:*:* |
alcatel | speed_touch_home | khdsaa.132 | cpe:2.3:h:alcatel:speed_touch_home:khdsaa.132:*:*:*:*:*:*:* |
alcatel | speed_touch_home | khdsaa.133 | cpe:2.3:h:alcatel:speed_touch_home:khdsaa.133:*:*:*:*:*:*:* |
alcatel | speed_touch_home | khdsaa.134 | cpe:2.3:h:alcatel:speed_touch_home:khdsaa.134:*:*:*:*:*:*:* |