Found this tonight again after reading about this in dec 2001[posted by a dutch hacker]
Alcatel Speed Touch Pro ADSL Insecure Embedded TFTP Server Vulnerability


RELEASED: April 11, 2001
AFFECTS: Alcatel Speed Touch Home KHDSAA.108, 132, 133, 134

Certain Alcatel ADSL-Ethernet bridge products feature an embedded TFTP server, which can be used by remote users to make changes to configuration and firmware. Normally, the TFTP service in such a device would not be accessible from the WAN. In this case, however, the interface is available to both extranet users and attackers local to the copper loop on which the DSL connection is carried.
Since TFTP provides no support for user authentication, this leaves the device's admin interface and firmware upload feature completely open to any attacker. Moreover, user-supplied firmware code transferred to the router/bridge is not checked for authenticity, and an attacker may exploit the open TFTP interface to install malicious code on the device.
No method is available for disabling the vulnerable TFTP service.
Workaround is available.See

Or simply block TFTP in your broadband router!

I only do firmware upgrades in a windows environment,never TFTP.[remote configuration i don t use it]