Have any of you prepped or read up on the Cable Haunt vulnerability? It has to be executed from behind the cable modem, but there is a pretty good article here:
https://www.databreachtoday.com/cable-haunt-modem-flaw-leaves-200-millio...
Yes this looks like a pretty big problem
I think many Broadcom modems are going to be vulnerable
We are running tests against our fleet now
I approached one of our vendors, and they advised BCM is aware of the issue and has released a solution already
So I guess each vendor needs to take that BCM patch and release an updated firmware
Then each ISP has to download and deploy that updated firmware
Ya I don't have a firmware deployment set up. We just use what we get.
The good news is the client needs to get compromised first, but with all of the malware that people get it could be pretty bad.
Seems that the recommended quick fix (until you can get a patched firmware) is to block access LAN -> CM port 8080 by adding these to the CM config file:
cmHostIpFilterInterfaces 1.3.6.1.4.1.4413.2.2.2.1.2.2.1.1.5.x = 0x80 /* CPE */
cmHostIpFilterDirection 1.3.6.1.4.1.4413.2.2.2.1.2.2.1.1.6.x = 1 /* Inbound */
cmHostIpFilterDestPortLow 1.3.6.1.4.1.4413.2.2.2.1.2.2.1.1.7.x = 8080 /* spectrum analyzer HTTP TCP port */
cmHostIpFilterDestPortHigh 1.3.6.1.4.1.4413.2.2.2.1.2.2.1.1.8.x = 8080 /* spectrum analyzer HTTP TCP port */
cmHostIpFilterStatus 1.3.6.1.4.1.4413.2.2.2.1.2.2.1.1.2.x = 4 /* createAndGo */
Some bulletins have said that x must be greater than 10. Not sure why this is the case. It works OK with x = 1 on the modems I have tested.
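One way to confirm the filter took effect after the config is pushed, run from a host on the CPE side (an added example, not part of the original post): it classifies a TCP connect to the modem's port 8080 and lists modems that still answer. The address 192.168.100.1 and the function names are assumptions; substitute your modem's LAN-side management IP.

```python
import socket

def probe(host, port=8080, timeout=3.0):
    """Classify a TCP connect attempt to host:port.

    'open'     - handshake completed, the service is still reachable
    'closed'   - connection actively refused (RST)
    'filtered' - no answer before the timeout, or host/network unreachable
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        # Must be caught before OSError, which is its parent class.
        return "closed"
    except OSError:
        # Covers timeouts and unreachable errors.
        return "filtered"
    finally:
        s.close()

def still_exposed(hosts, port=8080, timeout=3.0):
    """Return the hosts whose port is still 'open' from this vantage point."""
    return [h for h in hosts if probe(h, port, timeout) == "open"]

if __name__ == "__main__":
    # Assumed modem management address as seen from the LAN (placeholder).
    modems = ["192.168.100.1"]
    for m in modems:
        print(m, probe(m))
    exposed = still_exposed(modems)
    print("still reachable on 8080:", exposed if exposed else "none")
```

Either `closed` or `filtered` means the port is not reachable from the LAN side; only `open` means the filter row is not in effect on that modem.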
Thanks! Are you ever coming stateside?
Unfortunately no current plans / opportunities for travel
Enjoying the hot summer weather here at the moment (except for all the bushfire smoke!)