Arris Modem Comes with Three Free Backdoors

FrgMstr

For a limited time your brand new ARRIS modem model numbers NVG589 and NVG599 are being supplied to you with three hardcoded features that you will find in few others. These models allow root access through SSH, built-in webserver, hardcoded passwords that come attached to your modem's serial number. BUT WAIT! There's more. A bit of sneaky HTTP on port 49152 can get you exposed as well. So, don't walk, but run to your ARRIS modem and get these things fixed.

Seriously, if you own an ARRIS modem, you will want to look into this and follow the fix it link above. HardOCP security experts tell us there are over 92,000 of these routers currently identified as being online currently, and another 40,000 worldwide. Tampa and Sarasota in Florida, and Plano, TX top the online list.



According to Nomotion, the flaws are found in both the standard Arris firmware, but also in the extra code added on top by OEMs. In their research, experts looked at an Arris modem installed on the network of AT&T.

Researchers said the flaws affect NVG589 and NVG599 modems. Both models aren't available through the Arris website and appear to be discontinued products. Based on Censys and Shodan data, researchers believe there are at least 220,000 of these vulnerable modems connected online.
 
Any cable modem recommendations for Docsys 3 around these parts? Looks like I've got to get a replacement.
 
Tampa here....just got rid of my Arris modem a while back when I switched to FiOS. Damned scary. Will be making sure that I pass this along to my coworkers as I'm sure a few of them might have these at the house.
 
This seems to apply only to Arris combo VDSL modems.

It doesn't apply to any of their Cablemodem products, which are very popular as they now make all of the popular SurfBoard modems (they had a license to use the Motorola name for a few years, which has now expired).

It doesn't apply to any of their modems that aren't combo units. Don't buy shit combo units with some sub-par built-in router and you'll be good to go.

Unfortunately this probably means that most of the people with the listed gear just had it handed to them by AT&T and won't have the slightest idea how to fix it.


DOCSIS
 
It doesn't apply to any of their Cablemodem products, which are very popular as they now make all of the popular SurfBoard modems (they had a license to use the Motorola name for a few years, which has now expired).

I wondered why the name switched but never deemed it important enough to look into it.
 
This seems to apply only to Arris combo VDSL modems.

It doesn't apply to any of their Cablemodem products, which are very popular as they now make all of the popular SurfBoard modems (they had a license to use the Motorola name for a few years, which has now expired).

It doesn't apply to any of their modems that aren't combo units. Don't buy shit combo units with some sub-par built-in router and you'll be good to go.

Unfortunately this probably means that most of the people with the listed gear just had it handed to them by AT&T and won't have the slightest idea how to fix it.



DOCSIS

Quite right, quite right.

This doesn't apply to you. These are DSL modems and you have cable internet.

Good to know, although one of the methods above did allow me to access it in what appears to be a non-meaningful way on the face of it from off-site. ("it" being a cable modem/router combo from my provider that I've been meaning to replace anyway.)
 
This is getting kind of ridiculous, I have very little trust in consumer level equipment. A few years back I purchased a refurbished Linksys wifi router from a reputable source. Turns out it was hacked and was trying to participate in an NTP DoS. Spammed requests to a bunch of random hosts, only noticed it because my firewall was blocking hundreds of thousands of them. I flashed firmware and it still persisted so had to throw it away. Never buying refurbished computer parts again.
 
I didn't read the blurb enough and it took me until today to realize that this includes AT&T. I have no choice but to use their hardware (and be charged for it in certain circumstances).

One thing I don't like about them too is they seem to be able to open Browser windows. When the VDSL link goes down it likes to pop up a page telling you so - which is annoying in its own right. I'm not sure how it does it, especially when it happens on my DVR which didn't have a browser running (or the main browser which is Edge). I can see if it did code injection on open pages and still that bothers me for privacy and security reasons.
 