Cable Haunt Vulnerability | docsis.org

You are here

Cable Haunt Vulnerability

8 posts / 0 new
Last post
windwaterwaves
Cable Haunt Vulnerability

Have any of you prepped or read up on the cable haunt vulnerability? It has to be executed from behind the cable modem but there is a pretty good article here

https://www.databreachtoday.com/cable-haunt-modem-flaw-leaves-200-millio...

mbowe
Yes this looks like a pretty

Yes this looks like a pretty big problem

I think many Broadcom modems are going to be vulnerable

We are running on tests against our fleet now

mbowe
I approached one of our

I approached one of our vendors, and they advised BCM is aware of the issue and has released solution already

So I guess each vendor needs to take that BCM patch and release an updated firmware

Then each ISP has to download and deploy that updated firmware

windwaterwaves
Ya I don't have a firmware

Ya I don't have a firmware deployment set up. We just use what we get.

windwaterwaves
The good news is the client

The good news is the client needs to get compromised first but with all of the malware that people get it could be pretty bad.

mbowe
Quickfix

Seems that the recommended quickfix (until you can get a patched firmware) is to block access LAN -> CM port 8080 by adding these to CM config file :

cmHostIpFilterInterfaces 1.3.6.1.4.1.4413.2.2.2.1.2.2.1.1.5.x = 0x80 /* CPE */
cmHostIpFilterDirection 1.3.6.1.4.1.4413.2.2.2.1.2.2.1.1.6.x = 1 /* Inbound */
cmHostIpFilterDestPortLow 1.3.6.1.4.1.4413.2.2.2.1.2.2.1.1.7.x = 8080 /* spectrum analyzer HTTP TCP port */
cmHostIpFilterDestPortHigh 1.3.6.1.4.1.4413.2.2.2.1.2.2.1.1.8.x = 8080 /* spectrum analyzer HTTP TCP port */
cmHostIpFilterStatus 1.3.6.1.4.1.4413.2.2.2.1.2.2.1.1.2.x = 4 (createAndGo)

Some bulletins have said that x must be greater than 10. Not sure why this is the case. It works OK with x = 1 on the modems I have tested.

windwaterwaves
Thanks! Are you ever coming

Thanks! Are you ever coming stateside?

mbowe
Unfortunately no current

Unfortunately no current plans / opportunities for travel

Enjoying the hot summer weather here at moment (except for all the bushfire smoke!)

Log in or register to post comments