|
|
| Page 1 of 1 |
Invasor
Moderator
Posts: 7638
Location: On the road
|
 Posted: Sat, 21st Nov 2015 15:16 Post subject: 600,000 Arris cable modems have ‘backdoors in backdoors’ |
|
 |
| Quote: | 600,000 Arris cable modems could be affected by a “backdoor-within-a-backdoor”, according to a security researcher.
Bernardo Rodrigues, a vulnerability tester with Brazil’s Globo TV network, posted that he discovered the undocumented library within three Arris cable modems. However, using the search engine for internet-connected devices, Shodan, this found that in fact, 600,000 modems were affected.
While researching the subject, Rodrigues had found a previously undisclosed backdoor on Arris cable modems. But when extending the search through Shodan, Rodrigues claims that more than 600,000 externally accessible hosts are affected by the backdoor. The initial backdoor-admin password was disclosed as far back as 2009 and is based on a known seed.
The backdoor was found in the hidden administrative shell that can control the cable modems. The backdoor account can be used to remotely allow Telnet and SSH through the hidden HTTP administrative interface, or through custom SNMP MIBs.
Rodrigues explains that the default password for the SSH user ‘root’ is ‘arris’. When the Telnet session is accessed, the system spawns the ‘mini_cli’ shell which requests the backdoor password. After log in using the password of the day, this redirects the user to a restricted technician shell.
During analysis of the backdoor library and the restricted shells, Rodrigues that a backdoor had been put in the backdoor. Rodrigues says that the undocumented backdoor password is based on the final five digits from the modem’s serial number. After logging in on the Telnet/SSH with these passwords, a full busybox shell is the result. |
https://thestack.com/security/2015/11/20/600000-arris-cable-modems-have-backdoors-in-backdoors-researcher-claims/
I wonder how many other brands have such shitty products on the market...
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 21st Nov 2015 15:36 Post subject: |
|
|
mh never heard of them. do they only sell their own hardware or is there a chance to find "arris" components in other routers/cable modems/whatever?
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 21st Nov 2015 18:34 Post subject: |
|
|
| freiwald wrote: | | mh never heard of them. do they only sell their own hardware or is there a chance to find "arris" components in other routers/cable modems/whatever? |
They're provided by the Charter ISP here in the states. I've got one. Not the 600K one above but just a basic model. |
|
| Back to top |
|
|
zibztrollingme
Posts: 1526
Location: RAR - Racist Against Russia. Apparently.
|
| Posted: Sat, 21st Nov 2015 20:52 Post subject: |
|
|
| freiwald wrote: | | mh never heard of them. do they only sell their own hardware or is there a chance to find "arris" components in other routers/cable modems/whatever? |
If I'm not mistaken all Motorola stuff uses Arris.
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 21st Nov 2015 22:01 Post subject: ***** |
|
|
|
|
|
| Back to top |
|
|
| Page 1 of 1 |
All times are GMT + 1 Hour |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB 2.0.8 © 2001, 2002 phpBB Group
|
|
 |
|
