Re: multiple vulnerabilities in Alcatel Speed Touch DSL modems

[Joey Hess]

Here's one way to disable the backdoor: I used the EXPERT login to download
/active/ip.ini by ftp, removed all the apadd and rdadd lines, turned off
forwarding for good measure, and re-uploaded it. After resetting the device,
I can't ping it or connect to it on any port, and yet it still functions as
a DSL modem. I suppose this closes all the holes except DSLAM access.

--
see shy jo