In my organisation we have a number of routers. These are configured via telnet (which i know sends in clear text) and are not updated with security patches after vulnerabilties are released. Although these are secured with passwords, no logging is set up on these to monitor access. some of these accept dialup connections and other are used to router traffic between sites.

Can anyone tell me what attacks are these routers vulnerable to? i'm guessing DOS attacks through people sniffing the clear test password and then screwing the config up, but could these also be vulnerable to someone diverting certain traffic elsewhere and operating at man-in-the-middle attack? or are there other types of attack that i should be more worried about?

Thanks

Thatch