arescom 800 authentification flaw

[Powertech <powertech () ezkracho com ar>]

-----BEGIN PGP SIGNED MESSAGE-----

The Arescom NetDSL 800,  by default has no configurated any kind of
authentification ,  allowing any intruder to log in, affecting may be the
ADSL connection, or using for its own porpouses
example:

[toor@c0ded]@[2]:(~)#telnet 20x.4x.1x.1x8
Trying 20x.4x.1x.1x8...
Connected to 20x.4x.1x.1x8.
Escape character is '^]'.

         ND1060VE-TFA Copyright by ARESCOM 2000


Login Success!
NetDSL>?

                     ******* Console Help Menu *******
Available Command:

add                add objects in talbe
connect          start the connection
delete             delete objects in table
disconnect      disconnect modem connection
help               display this menu again
quit                quit the system
reboot           reboot the router
reset              reset the configuration, and reboot
save              save the configuration
set                 set system parameters
show              display system status
test                system test
upgrade          upgrade the firmware via FTP, TFTP and XMODEM

NetDSL> (there are no such things as level like in ciscos.. etc..)

 cheers
--
Science is built up of facts, as a house is with stones.  But a collection
of facts is no more a science than a heap of stones is a house.
                -- Jules Henri Poincar'e


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
MessageID: QdtSU56zBTd/fq81OIM07Cki34Xz90m8

iQEVAwUBPGRVn4hDjf2eob5RAQGCJAf/RihB7k6cZVN03xOtFkzgXJzHpcY/Vgo0
P79ht3uZPDrcXQ/JrU3ioRP8RwR9bi6/3hdskvqTxBzDh7ddrsLaEaYsE/+KRfWv
9b/F5btiIjwulJ8qMg7vGdPWkZHl/BANkPpZL45Luv2g1JjUuOVCtecRKjbwCmJQ
/I/6fxZl9zibQsvUuFROCmwU6Yqmm4iMaCmQES8Rbuil8W6Dxcbheog1zzPHr9wq
JoF5RjOwrDJVOWsx+8xs4jgdEr16kpkw+rn4vOf2bpqDO7YnX5pnOKW4u0J2+LHZ
x03gotIPCSfT4hZgw0ryIwSf9VJoBvrF6jojJZoItoqPtkXYGqc+QQ==
=NaUh
-----END PGP SIGNATURE-----