VYPR
Unrated severity · NVD Advisory · Published Oct 4, 2002 · Updated Jun 16, 2026

CVE-2002-0949

Description

Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Vulnerability mechanics

Root cause

"The router sends the administrative password in cleartext over UDP."

Attack vector

A remote attacker can send a specially crafted packet to UDP port 9833 on the vulnerable Telindus router. The router answers with a reply that contains the administrative password and other sensitive information in cleartext. The exploit code demonstrates sending a specific UDP payload to trigger this response [ref_id=1].

Affected code

The vulnerability is related to how the Telindus 1100 series routers handle administrative connections via UDP port 9833. The exploit code targets this specific port and protocol to elicit the password leak [ref_id=1].

What the fix does

The vendor released firmware version 6.0.27, which reportedly uses an encrypted UDP packet for connections. However, this firmware is reported to use a weak encryption scheme that is easily circumvented by an attacker, indicating it does not adequately protect against this vulnerability [ref_id=1]. The advisory does not specify a definitive fix for this issue.

Preconditions

  • Network: The attacker must have network access to the target router's UDP port 9833.

Reproduction

The provided exploit code `telozarzo.c` can be used to test for this vulnerability by targeting a specific IP address [ref_id=1].

Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3
