TITLE: Intracom JetSpeed ADSL Modem Information Disclosure SECUNIA ADVISORY ID: SA18483 VERIFY ADVISORY: http://secunia.com/advisories/18483/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: >From remote OPERATING SYSTEM: Intracom JetSpeed 500/500i http://secunia.com/product/6835/ Intracom JetSpeed 520/520i http://secunia.com/product/6836/ DESCRIPTION: Dinos has reported a security issue in Intracom JetSpeed ADSL Modem, which can be exploited by malicious people to disclose potentially sensitive information. The problem is caused due to several pages from the web management interface of the modem being accessible without requiring authentication. This can be exploited to disclose username information from the "/cli/list_users.txt" file. The security issue has been reported in Jetspeed 500 and 520 modems that use the Virata-EmWeb web server release 6_1_0. NOTE: Older firmware versions reportedly has the default username and password of “intracom/123456″, which can't be changed. SOLUTION: Ensure that a strong password is set for all user accounts created in the modem. PROVIDED AND/OR DISCOVERED BY: Dinos ORIGINAL ADVISORY: http://blog.globalnetworks.gr/?p=4 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------