1. Forum
  2. Usenet
  3. COMP.DCOM.MODEMS.CABLE

  • Over 135 million modems vulnerable to denial-of-service flaw

    From Anonymous Remailer (austria)@21:1/5 to Jeremy Bentham on Mon Apr 11 12:10:23 2016
    XPost: alt.privacy.anon-server, alt.cable-tv

    In article <[email protected]>
    Jeremy Bentham <[email protected]> wrote:

    http://www.zdnet.com/article/millions-of-routers-vulnerable-to-unpatched-reboot-flaw/

    That zdnet article is erroneous and inaccurate.

    Resetting those cable modems does nothing but cause them to
    reboot and reload a config file.

    BUT, an attacker has to be ON a PRIVATE RFC 1918 network,
    inaccessible from the Internet in ALL cases.

    They would also have to connect to each modem in order to
    accomplish said feat. It would take a very long time to scan
    the entire address space and find any modems in it.

    Article grade, D--.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Cornelis Tromp@21:1/5 to All on Mon Apr 11 13:43:37 2016
    XPost: alt.privacy.anon-server, alt.cable-tv

    In article <[email protected]>
    Jeremy Bentham <[email protected]> wrote:


    http://www.zdnet.com/article/millions-of-routers-vulnerable-to-unpatched-reboot-flaw/

    That zdnet article is erroneous and inaccurate.

    Resetting those cable modems does nothing but cause them to
    reboot and reload a config file.

    BUT, an attacker has to be ON a PRIVATE RFC 1918 network,
    inaccessible from the Internet in ALL cases.

    They would also have to connect to each modem in order to
    accomplish said feat. It would take a very long time to scan
    the entire address space and find any modems in it.

    Article grade, D--.

    According to your critique, Article grade, F-.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Bit Twister@21:1/5 to All on Mon Apr 11 14:02:37 2016
    XPost: alt.privacy.anon-server, alt.cable-tv

    On Mon, 11 Apr 2016 12:10:23 +0200 (CEST), Anonymous Remailer (austria) wrote:

    In article <[email protected]>
    Jeremy Bentham <[email protected]> wrote:

    http://www.zdnet.com/article/millions-of-routers-vulnerable-to-unpatched-reboot-flaw/

    That zdnet article is erroneous and inaccurate.

    Resetting those cable modems does nothing but cause them to
    reboot and reload a config file.

    But if that config file contents were reset to factory defaults it
    might not connect to the ISP provider.

    BUT, an attacker has to be ON a PRIVATE RFC 1918 network,
    inaccessible from the Internet in ALL cases.

    But you do not understand the exploit. As far as the modem is
    concerned it saw the reset from the user on the LAN.

    They would also have to connect to each modem in order to
    accomplish said feat.

    They don't have to. The user gets it when looking at an infected web page.
    As the article indicated it is a LAN side exploit.

    It would take a very long time to scan
    the entire address space and find any modems in it.

    Just how many users do you think get into their modem and change the
    LAN gateway address.

    The address and web page is hard coded for that modem. See http://192.168.100.1/cmConfigData.htm?BUTTON_INPUT1=Reset+All+Defaults

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Fritz Wuehler@21:1/5 to Bit Twister on Wed Apr 13 17:27:16 2016
    XPost: alt.privacy.anon-server, alt.cable-tv

    In article <[email protected]>
    Bit Twister <[email protected]> wrote:

    On Mon, 11 Apr 2016 12:10:23 +0200 (CEST), Anonymous Remailer (austria) wrote:

    In article <[email protected]>
    Jeremy Bentham <[email protected]> wrote:

    http://www.zdnet.com/article/millions-of-routers-vulnerable-to-unpatched-reboot-flaw/

    That zdnet article is erroneous and inaccurate.

    Resetting those cable modems does nothing but cause them to
    reboot and reload a config file.

    But if that config file contents were reset to factory defaults it
    might not connect to the ISP provider.

    A user can reset the modem and erase every setting in it a
    thousand times a day, matters naught. It will resume correct
    operation every single time when it gets an IP address assigned
    to it and the bootp config file is delivered. A user cannot
    reset the contents of the modem bootp config file provided by
    the provider DHCP server. Every type of modem has a specfic
    bootp config file.


    BUT, an attacker has to be ON a PRIVATE RFC 1918 network,
    inaccessible from the Internet in ALL cases.

    But you do not understand the exploit. As far as the modem is
    concerned it saw the reset from the user on the LAN.

    What exploit? It's not an "exploit". It was intentionally
    designed that way.

    They would also have to connect to each modem in order to
    accomplish said feat.

    They don't have to. The user gets it when looking at an infected web page.

    Yeah...? And you're going to get all the existing SB6141 modem
    owners to access that webpage how?

    As the article indicated it is a LAN side exploit.

    Therefore impossible to execute directly from the WAN side.

    It would take a very long time to scan
    the entire address space and find any modems in it.

    Just how many users do you think get into their modem and change the
    LAN gateway address.

    None, because they can't change it.

    The address and web page is hard coded for that modem. See http://192.168.100.1/cmConfigData.htm?BUTTON_INPUT1=Reset+All+Defaults

    Irrelevant since the modem is bridging a public address and
    gateway to whatever is connected on the other side of it in the
    LAN anyway.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)