Arris Modem Comes with Three Free Backdoors

FrgMstr

Just Plain Mean
Staff member
Joined
May 18, 1997
Messages
50,313
For a limited time your brand new ARRIS modem model numbers NVG589 and NVG599 are being supplied to you with three hardcoded features that you will find in few others. These models allow root access through SSH, built-in webserver, hardcoded passwords that come attached to your modems serial number. BUT WAIT! There's more. A bit of sneaky HTTP on port 49152 can get you exposed as well. So, don't walk, but run to your ARRIS modem and get these things fixed.

Seriously, if you own an ARRIS modem, you will want to look into this and follow the fix it link above. HardOCP security experts tell us there are over 92,000 of these routers currently identified as being online currently, and another 40,000 worldwide. Tampa and Sarasota in Florida, and Plano, TX top the online list.



According to Nomotion, the flaws are found in both the standard Arris firmware, but also in the extra code added on top by OEMs. In their research, experts looked at an Arris modem installed on the network of AT&T.

Researchers said the flaws affect NVG589 and NVG599 modems. Both models aren't available through the Arris website and appear to be discontinued products. Based on Censys and Shodan data, researchers believe there are at least 220,000 of these vulnerable modems connected online.
 

dergreg

Cookie
Joined
Oct 31, 2008
Messages
442
Any cable modem recommendations for Docsys 3 around these parts? Looks like I've got to get a replacement.
 

carlbme

[H]ard|Gawd
Joined
Aug 17, 2001
Messages
1,221
Tampa here....just got rid of my Arris modem a while back when I switched to FiOS. Damned scary. Will be making sure that I pass this along to my coworkers as I'm sure a few of them might have these at the house.
 

GotNoRice

[H]F Junkie
Joined
Jul 11, 2001
Messages
9,704
This seems to apply only to Arris combo VDSL modems.

It doesn't apply to any of their Cablemodem products, which are very popular as they now make all of the popular SurfBoard modems (they had a license to use the Motorola name for a few years, which has now expired).

It doesn't apply to any of their modems that aren't combo units. Don't buy shit combo units with some sub-par built-in router and you'll be good to go.

Unfortunately this probably means that most of the people with the listed gear just had it handed to them by AT&T and won't have the slightest idea how to fix it.

DOCSIS
 

Private_Ops

[H]ard|Gawd
Joined
Jun 4, 2007
Messages
1,866
It doesn't apply to any of their Cablemodem products, which are very popular as they now make all of the popular SurfBoard modems (they had a license to use the Motorola name for a few years, which has now expired).
I wondered why the name switched but never deemed it important enough to look into it.
 

dergreg

Cookie
Joined
Oct 31, 2008
Messages
442
This seems to apply only to Arris combo VDSL modems.

It doesn't apply to any of their Cablemodem products, which are very popular as they now make all of the popular SurfBoard modems (they had a license to use the Motorola name for a few years, which has now expired).

It doesn't apply to any of their modems that aren't combo units. Don't buy shit combo units with some sub-par built-in router and you'll be good to go.

Unfortunately this probably means that most of the people with the listed gear just had it handed to them by AT&T and won't have the slightest idea how to fix it.



DOCSIS
Quite right, quite right.

This doesn't apply to you. These are DSL modems and you have cable internet.
Good to know, although one of the methods above did allow me to access it in what appears to be a non-meaningful way on the face of it from off-site. ("it" being a cable modem/router combo from my provider that I've been meaning to replace anyway.)
 
Last edited:

MRAB54

Gawd
Joined
Sep 9, 2001
Messages
848
This is getting kind of ridiculous, I have very little trust in consumer level equipment. A few years back I purchased a refurbished linksys wifi router from a reputable source. Turns out it was hacked and was trying to participate in an ntp DOS. Spammed requests to a bunch of random hosts, only noticed it because my firewall was blocking hundreds of thousands of them. I flashed firmware and it still persisted so had to throw it away. Never buying refurbished computer parts again.
 

bigstusexy

2[H]4U
Joined
Jan 28, 2002
Messages
3,146
I didn't read the blurb enough and it took me until to today to realize that this includes AT&T. I have no choice but to use their hardware (and be charged for it in certain circumstances)

One thing I don't like about them too is they seem to be able to open Browser windows. When the VDSL link goes down it likes to pop up a page telling you so - which is annoying in it's own right. I'm not sure how it does it, especially when it happens on my DVR which didn't have a browser running (or the main browser which is edge). I can see if it did code injection on open pages and still that bothers me for privacy and security reasons.
 
Top