From the desk of: Sam C. Chan

Advisory: Arris Modem Vulnerabilities

December 1, 2014   (See also multiple addenda at the end. Scroll down.)  Reviewed MAY 2018

CVE-2014-8423 (inaugural event prompting this advisory) + additional cases @CVE


2018 VULDB VID#73020 Base Score: 9.8
2017 US-CERT bulletin SB17-324 citing CVE-2017-13790
2015 US-CERT KB VU#419568  Severity Metric: 7.5!
2014 US-CERT KB VU#855836
2014 NIST National Vulnerability Database CVE-2014-5437

Timewarner official statement & status

2017 ThreadPosts: Bugs in Arris vulnerable to trivial attacks
2017 bleepingcomputer: Cable Modems Affected by SNMP God Mode Flaw
2016 ZDnet: Millions of Arris cable modems vulnerable to DoS flaw
2016 securityaffairs.co: 135 million ARRIS cable modems vulnerable to remote attacks
2016 tomsguide: Millions of Cable Modems Vulnerable to Easy Attack
2015 eHackingNews: Arris/Motorola multiple vulnerabilities & backdoor accounts
2014 Rapid7: R7-2014-13: Arris DOCSIS Exposure (CVE-2014-4863)
2014 sethsec: Forging my way into an XFinity home network via the Arris TG862G

Copyright @2005-2018   Bravo Technology Center  *  Bravo:GO  *  Contact Us