Backdoor in a backdoor identified in 600000 Arris modems2015-11-25 01:59 by Daniela
Tags: backdoor, Arris
A Brazilian researcher has recently found what he called a "backdoor-within-a-backdoor" vulnerability which affects around 600,000 cable modems manufactured by Arris. According to him, the modems contain an undocumented library that acts as a backdoor, in turn allowing privileged logins using a custom password.
"While researching on the subject, I found a previously undisclosed backdoor on Arris cable modems, affecting many of their devices including TG862A, TG862G, DG860A," said Bernardo Rodriques on his personal blog. "As of this writing, Shodan [search engine] searches indicate that the backdoor affects over 600,000 externally accessible hosts and the vendor did not state whether it's going to fix it yet."
In its response to the issue, Arris explained that the company had implemented this access method on certain cable modem products to provide access to technicians, but has since disabled that access in order to minimize any risks to subscribers.
"Security is a top priority at ARRIS," the company said, in a statement. "When it comes to our network and customer premises equipment products, we work actively with security organizations and our Service Provider customers to identify and quickly resolve any potential vulnerabilities to protect the consumers who use our devices. We are aware of the recently reported password vulnerability. The risk related to this vulnerability is low, and we are unaware of any exploit related to it. However, we take these issues very seriously and review them with the highest priority. Our team has been working around the clock on modem updates that address this reported vulnerability."
Read more -here-