Network Security, Vulnerability Management

Reboot flaw leaves millions of ARRIS SURFboard modems vulnerable

Share

An unauthenticated reboot flaw has potentially left millions of ARRIS SURFboard modems vulnerable to a simple attack.

The bug exists in the SURFboard 6141 and SURFboard 5100 modems as a result of the devices' lack of authentication and its susceptibility to cross site request forgery attacks, according to a Security for Real People blog post penned by researcher David Longenecker. 

He that the flaw makes it easy to remotely reboot a modem without even using a password.

He said an attacker can simply browse the devices' IP address from the local network to access both diagnostic data and the web user interface which includes a reboot function.

ARRIS has reportedly updated the SB6141 firmware and is in the process of making it available to service providers since cable modems aren't “consumer-updateable.”

Longenecker recommended that users not click on unexpected or untrusted links until the flaw is patched.

Reboot flaw leaves millions of ARRIS SURFboard modems vulnerable

An unauthenticated reboot flaw has potentially left millions of ARRIS SURFboard modems vulnerable to a simple attack.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.