Heavy rain in the afternoon
- wong chee tat :)
Saturday, April 9, 2016
Vulnerability Note VU#643049 Motorola Surfboard cable modem cross-site request forgery vulnerability
Vulnerability Note VU#643049
If you are a vendor and your product is affected, let us know.
- wong chee tat :)
Motorola Surfboard cable modem cross-site request forgery vulnerability
Overview
Motorola Surfboard cable modems may contain a cross-site request forgery vulnerability that allows an attacker to cause an affected modem to reboot or reload its configuration.
Description
Cable modems are designed to deliver broadband Internet access via unused bandwidth on a cable television network. Some models of Motorola Surfboard cable modems have a web interface that can be used to view log files, check signal levels, restart the modem, and reload the modem's configuration. This web interface listens on a private (RFC 1918) IP address, and can not be accessed via the Internet. Users connected to the modem's LAN interface access the interface via a web browser.
Because the interface uses no authentication, other than binding to a private IP address, the Motorola Surfboard may be vulnerable to various cross-site request forgery (XSRF) vulnerabilities. Note that to exploit these vulnerabilities, an attacker would need to convince a user to visit a specially crafted web page or open an HTML formatted email.
7 April 2016 update: these vulnerabilities have been found to affect more recent and rebranded ARRIS SURFboard SB6141 cable modem gateway products. |
Impact
A remote, unauthenticated attacker may be able to take any action that an authorized user can including restarting the cable modem, or forcing it to reload its configuration file. While a cable modem is rebooting systems that rely on the affected modem will have limited ability to access the Internet.
|
Solution
We are currently unaware of a practical solution to this problem.
|
Restrict access
Restricting access to the Surfboard's web interface by using proxy filtering rules, router access control lists or firewall rules will mitigate this vulnerability. To effectively block access, the rules must prevent users on the LAN side of the cable modem from connecting to the web interface's IP address (usually 192.168.100.1). |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| ARRIS | Affected | - | 07 Apr 2016 |
| Motorola, Inc. | Affected | - | 29 Apr 2008 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Temporal | 6.5 | E:F/RL:U/RC:C |
| Environmental | 6.5 | CDP:N/TD:H/CR:ND/IR:ND/AR:ND |
References
- http://www.rooksecurity.com/blog/?p=4
- http://tools.ietf.org/html/rfc1918
- http://www.owasp.org/index.php/XSRF
- http://www.visolve.com/squid/squid24s1/access_controls.php
- http://www.securityforrealpeople.com/2016/04/arris-motorola-surfboard-modem.html
Credit
Thanks to Michael Brooks for information that was used in this report.
This document was written by Ryan Giobbi.
Other Information
- CVE IDs: Unknown
- Date Public: 17 Apr 2008
- Date First Published: 29 Apr 2008
- Date Last Updated: 07 Apr 2016
- Severity Metric: 13.50
- Document Revision: 21
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
- wong chee tat :)
Over 135 million modems vulnerable to denial-of-service flaw
Over 135 million modems vulnerable to denial-of-service flaw
Updated: The flaw lets an attacker cut off an entire network from the internet until the owner calls their provider to restore it.
Zack Whittaker
By Zack Whittaker for Zero Day | April 8, 2016
More than 135 million modems are said to be vulnerable to a flaw that can leave users cut off from the internet -- just by someone clicking on a trick link.
The vulnerability, found in a modem used in millions of US households, can allow an attacker with access to the network to remotely reset the device, which wipes out the internet provider's settings and causing a denial-of-service attack. Every person and device on the network will permanently lose access to the internet until the modem owner contacts their internet provider.
Arris (formerly Motorola) said that it has sold more than 135 million of the Surfboard SB6141 modems, but an Arris spokesperson disputed that the figure was "not an accurate representation" of the units impacted and that only a "subset" of Surfboard devices were affected.
Millions of Comcast, Time Warner Cable, and Charter customers (and more) were shipped one of these modems when they first subscribed.
The flaw is so easy to exploit that anyone on an affected network can be tricked into clicking on a specially crafted web page or email.
Security researcher David Longenecker, who found the flaws and posted the write-up on the Full Disclosure list earlier this week, released the "exploit" link after Arris stopped responding to emails he sent as part of the responsible disclosure process.
In fact, the flaw goes back at least eight years earlier prior to Arris' acquisition of Motorola's networking unit, according to a CERT vulnerability note dated April 2008.
There's no practical fix for the flaw, according to Longenecker.
"The simplest solution would be a firmware update such that the web [user interface] requires a username and password before allowing disruptive actions such as rebooting or resetting the modem, and that validates that a request originated from the application and not from an external source," he said.
Arris said that it recently addressed the access issue with a firmware update.
"We are in the process of working with our Service Provider customers to make this release available to subscribers," said the spokesperson. "There is no risk of access to any user data and we are unaware of any exploits."
"We take product performance very seriously. We work actively with security organizations and our service provider customers to quickly resolve any potential vulnerabilities to protect the subscribers who use our devices," the spokesperson added.
Updated with details from Arris and corrected throughout the story that the Surfboard device is a modem, not a router.
- wong chee tat :)
Updated: The flaw lets an attacker cut off an entire network from the internet until the owner calls their provider to restore it.
Zack Whittaker
By Zack Whittaker for Zero Day | April 8, 2016
More than 135 million modems are said to be vulnerable to a flaw that can leave users cut off from the internet -- just by someone clicking on a trick link.
The vulnerability, found in a modem used in millions of US households, can allow an attacker with access to the network to remotely reset the device, which wipes out the internet provider's settings and causing a denial-of-service attack. Every person and device on the network will permanently lose access to the internet until the modem owner contacts their internet provider.
Arris (formerly Motorola) said that it has sold more than 135 million of the Surfboard SB6141 modems, but an Arris spokesperson disputed that the figure was "not an accurate representation" of the units impacted and that only a "subset" of Surfboard devices were affected.
Millions of Comcast, Time Warner Cable, and Charter customers (and more) were shipped one of these modems when they first subscribed.
The flaw is so easy to exploit that anyone on an affected network can be tricked into clicking on a specially crafted web page or email.
Security researcher David Longenecker, who found the flaws and posted the write-up on the Full Disclosure list earlier this week, released the "exploit" link after Arris stopped responding to emails he sent as part of the responsible disclosure process.
In fact, the flaw goes back at least eight years earlier prior to Arris' acquisition of Motorola's networking unit, according to a CERT vulnerability note dated April 2008.
There's no practical fix for the flaw, according to Longenecker.
"The simplest solution would be a firmware update such that the web [user interface] requires a username and password before allowing disruptive actions such as rebooting or resetting the modem, and that validates that a request originated from the application and not from an external source," he said.
Arris said that it recently addressed the access issue with a firmware update.
"We are in the process of working with our Service Provider customers to make this release available to subscribers," said the spokesperson. "There is no risk of access to any user data and we are unaware of any exploits."
"We take product performance very seriously. We work actively with security organizations and our service provider customers to quickly resolve any potential vulnerabilities to protect the subscribers who use our devices," the spokesperson added.
Updated with details from Arris and corrected throughout the story that the Surfboard device is a modem, not a router.
- wong chee tat :)
System Updates: Router Changes
System Updates: Router Changes
- Removed unnecessary cron jobs
- Reconfigure and increase dns forward queries
- Increased caching size
- Custom added links for faster caching
- wong chee tat :)
- Removed unnecessary cron jobs
- Reconfigure and increase dns forward queries
- Increased caching size
- Custom added links for faster caching
- wong chee tat :)
Wake Up lyrics
主题曲 《Wake Up》
作词:倪安东
作曲:Skot Suyama 陶山/倪安东
编曲:Skot Suyama 陶山
O.P: HIM Music Publishing Inc.
O.P: Tao Shan Music Co. Ltd 陶山音乐有限公司
主唱:倪安东
Now wake on up uh little girly
Don’t forget what they said
The early birdy gets the wormy time to get outta bed
Go on and let down your bun co-come on lets have some fun
Go get a piece of what your missin. look out here comes the sun
So come take a ride with
Your eyes open wide
its the time for the time of your life
It don’t matter what you DODO do do
Long as you’re doing what your HEARTHEART says to
Hold on to all the things you LOVELOVE and you
Better believe that they’ll be coming B-B-B-BACK to you
So if you WANTWANT the truth
Go out and get it cuz it WONTWONT Find you
Its time to let yourself be free of what you knew
Get on the FASTFAST TRACKTRACK
Grab a hold of life fore its through
你到底聽不聽得懂 或要我解釋清楚
還是你害怕面對現實這條路太痛苦
壞與好都是禮物 別讓感受變麻木
快拔掉麻醉針清醒跨出你的下一步
So come take a ride with
Your eyes open wide
its the time for the time of your life
It don’t matter what you DODO do do
Long as you’re doing what your HEARTHEART says to
Hold on to all the things you LOVELOVE and you
Better believe that they’ll be coming B-B-B-BACK to you
So if you WANTWANT the truth
Go out and get it cuz it WONTWONT Find you
Its time to let yourself be free of what you knew
Get on the FASTFAST TRACKTRACK
Grab a hold of life fore its through
Now come take a ride with
Your eyes open wide
Its your right now go(to) fight for your life
SHHHHH
張開眼睛請你 看個 清楚
勇敢起義活出 新的 態度
改頭換面跟上我們的舞步
I hope you’re ready Cuz we’re COMING BBBBACK to You
Now it don’t matter what we DODO do do
Long as we’re doing what we LOVELOVE to do
Because the feelin in our HEARTHEART rings true
And it keeps telling us to come on B-B-B-BACK to you
So if you WANTWANT the truth
Go out and get it cuz it WONTWONT Find you
Its time to join us and be free of what you knew
We’re on the FASTFAST TRACKTRACK
Rockin you right on out of your shoes
- wong chee tat :)
作词:倪安东
作曲:Skot Suyama 陶山/倪安东
编曲:Skot Suyama 陶山
O.P: HIM Music Publishing Inc.
O.P: Tao Shan Music Co. Ltd 陶山音乐有限公司
主唱:倪安东
Now wake on up uh little girly
Don’t forget what they said
The early birdy gets the wormy time to get outta bed
Go on and let down your bun co-come on lets have some fun
Go get a piece of what your missin. look out here comes the sun
So come take a ride with
Your eyes open wide
its the time for the time of your life
It don’t matter what you DODO do do
Long as you’re doing what your HEARTHEART says to
Hold on to all the things you LOVELOVE and you
Better believe that they’ll be coming B-B-B-BACK to you
So if you WANTWANT the truth
Go out and get it cuz it WONTWONT Find you
Its time to let yourself be free of what you knew
Get on the FASTFAST TRACKTRACK
Grab a hold of life fore its through
你到底聽不聽得懂 或要我解釋清楚
還是你害怕面對現實這條路太痛苦
壞與好都是禮物 別讓感受變麻木
快拔掉麻醉針清醒跨出你的下一步
So come take a ride with
Your eyes open wide
its the time for the time of your life
It don’t matter what you DODO do do
Long as you’re doing what your HEARTHEART says to
Hold on to all the things you LOVELOVE and you
Better believe that they’ll be coming B-B-B-BACK to you
So if you WANTWANT the truth
Go out and get it cuz it WONTWONT Find you
Its time to let yourself be free of what you knew
Get on the FASTFAST TRACKTRACK
Grab a hold of life fore its through
Now come take a ride with
Your eyes open wide
Its your right now go(to) fight for your life
SHHHHH
張開眼睛請你 看個 清楚
勇敢起義活出 新的 態度
改頭換面跟上我們的舞步
I hope you’re ready Cuz we’re COMING BBBBACK to You
Now it don’t matter what we DODO do do
Long as we’re doing what we LOVELOVE to do
Because the feelin in our HEARTHEART rings true
And it keeps telling us to come on B-B-B-BACK to you
So if you WANTWANT the truth
Go out and get it cuz it WONTWONT Find you
Its time to join us and be free of what you knew
We’re on the FASTFAST TRACKTRACK
Rockin you right on out of your shoes
- wong chee tat :)
Subscribe to:
Posts (Atom)