135 Million Modems Vulnerable To Denial-Of-Service Flaw

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
If you are the owner of the Arris Surfboard SB6141, you should take a look at this. Unfortunately, there is no practical fix for the issue.

More than 135 million modems are said to be vulnerable to a flaw that can leave users cut off from the internet -- just by someone clicking on a trick link. The vulnerability, found in a modem used in millions of US households, can allow an attacker with access to the network to remotely reset the device, which wipes out the internet provider's settings and causing a denial-of-service attack. Every person and device on the network will permanently lose access to the internet until the modem owner contacts their internet provider.
 
and because we all bought the modems to avoid getting F'd in the A by fees.........the ISP will do the same again providing no support. Awesomesauce
 
looks like a non issue according to the last sentence of the article
"
Arris said that it recently addressed the access issue with a firmware update.

"We are in the process of working with our Service Provider customers to make this release available to subscribers," said the spokesperson. "There is no risk of access to any user data and we are unaware of any exploits."

"We take product performance very seriously. We work actively with security organizations and our service provider customers to quickly resolve any potential vulnerabilities to protect the subscribers who use our devices," the spokesperson added."
 
I'm not worried. I'm just not paranoid about anything these days. Instead, I'm enjoying life and I'll let those who thinks the sky is always falling to find the solutions for me.
 
My internet just started acting hinky. Some sites work perfect while others don't work at all.
I have an Arris DG1670A.
 
Zack Whittaker is a security writer-editor for ZDNet. said:
Updated with details from Arris and corrected throughout the story that the Surfboard device is a modem, not a router.

I should try being a security writer. I know the difference between a router and a modem.
 
Some idiot at ZDNet said:
Every person and device on the network will permanently lose access to the internet until the modem owner contacts their internet provider.

No, just, no. This CSRF vulnerability allows the attacker to reboot or reset the modem, and neither does anything even remotely permanent.

If you reboot the modem, you get maybe a minute or two of downtime. Resetting the modem forces it to run a channel scan and re-download its configuration from the ISP (based on the modem's immutable MAC address), so it might take a few more minutes to come back into service.
 
What FUD. A "local attacker" - i.e. someone on your local network can reboot your cable modem! Sky is falling! Someone could craft a web page, send the link in your email, and when you click it, your cable modem is rebooted! What horror! They could even reset your cable modem, which will cause it a minute or two more to come back up. THIS IS THE END OF THE INTERNET AS WE KNOW IT UNTIL IT IS FIXED!!!!!! </sarcasm> This "article" has been re-released all over the web. I feel for the ARRIS Tech support this weekend being flooded with calls over this non-issue.

Oh, and if someone can be a "local attacker" and login to your modem to reboot, they could just as easily find a time to walk up to the modem and physically unplug it.
 
Last edited:
Back
Top