Security News > 2020 > January > Cable Haunt: Millions of Cable Modems With Broadcom Chips Vulnerable to Attacks

Cable Haunt: Millions of Cable Modems With Broadcom Chips Vulnerable to Attacks
2020-01-10 15:11

Hackers may be able to remotely take complete control of cable modems from various manufacturers due to a critical vulnerability affecting a middleware component shipped with some Broadcom chips.

They've reproduced the attack on ten cable modems from Sagemcom, Netgear, Technicolor and COMPAL, but other manufacturers also likely use the Broadcom chip containing the vulnerability.

Over the past year they have been notifying affected ISPs - cable modems are typically provided to internet users by ISPs - and four companies in Denmark and Norway have reported patching their devices after being notified.

The vulnerable tool is only exposed to the local network, but Cable Haunt attacks can also be launched from the internet by getting the targeted user to visit a malicious website or a site that serves malicious ads.

The researchers who discovered Cable Haunt explained that cross-origin resource sharing in the browser should prevent such attacks, but they discovered that all of the tested modems were vulnerable to DNS rebinding.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/w31BWkJfHz8/cable-haunt-millions-cable-modems-broadcom-chips-vulnerable-attacks

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Broadcom 90 4 114 154 66 338