DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
June 4, 2020 
Main Menu
News archives

Who's Online
There are currently 90 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

About 200 million cable modems hit by remotely exploitable vulnerability

Posted on Tuesday, January 14 2020 @ 10:49:40 CET by

ARS Technica warns around 200 million cable modems have a security vulnerability that can be remotely exploited. Called Cable Haunt, the flaw can result in the infection of your cable model simply by visiting a maliciously crafted webpage.

Various modems are affected, including the Sagemcom F@st 3890, Sagemcom F@st 3686, Technicolor TC7230, Netgear C6250EMR, and Netgear CG3700EMR. The Compal 7284E and Compal 7486E, as well as other model with a spectrum analyzer server may also be vulnerable.

The attack can be performed remotely by luring a victim to a webpage that served a malicious JavaScript. There are at least two ways to exploit it, either by causing the browser to connect to the modem, or if that doesn't work, by doing a DNS rebinding attack.

Once infected, attackers can snoop on unencrypted data, mess with your DNS settings, install new firmware on the modem, enroll you into a botnet, etc.
The proof-of-concept exploit uses other clever tricks to work. Because of the memory structure of the MIPS assembly language that runs the spectrum analyzer, the attack code must know the precise memory address of the vulnerable code. (Normally, a buffer overflow exploit would be written directly to the memory stack.) To bypass the restriction posed by this memory structure, Cable Haunt uses return oriented programming to move between pre-existing pieces of code and then create a patchwork of existing code.

Once attackers exploit the vulnerability, they send commands to the modem's telnet server to install a reverse shell. From there, attackers can do all kinds of things, including changing the DNS settings, installing completely new firmware, making the modem participate in a botnet, and monitoring unencrypted data that passes through the modem.
Unfortunately, it's not easy to check if your device is vulnerable to Cable Haunt. Additionally, it's hard to detect an infection as there are various ways to mask this. At the moment, there's no patch.



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba