Author Topic: Motorola Modem Own Goal  (Read 310 times)


Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
Motorola Modem Own Goal
« on: April 10, 2015, 09:58:34 pm »
This is borderline criminal in today's online environment  :ugly:

http://www.theregister.co.uk/2015/04/09/no_moto_surfboard_modem_has_hardcoded_creds/

Quote
Researchers at Rapid7 have turned up a set of typically dumb vulnerabilities in Motorola's DOCSIS/EuroDOCSIS 3.0-capable SURFboard SBG 6580 cable broadband modem. The device, which also ships under the Arris brand, has vulnerabilities including hardcoded login credentials that will allow an outside attacker to take control of the kit.

The three vulnerabilities are:

    A cross-site request forgery tagged CVE-2015-0965 that lets an arbitrary site log in without the user's knowledge;
    At least one hard-coded backdoor, CVE-2015-0966, letting “technician” log in with the password yZgO8Bvj; and
    A cross-site scripting vulnerability in the firewall config page, CVE-2015-0964, letting attackers inject JavaScript to do pretty much anything they want.

Arris is the Motorola spin-off carrying the cable modem business. It recently won a lucrative deal in Australia to supply product for the HFC part of the network.

I myself can't understand how anyone could believe they are a professional network engineer / designer and allow these types of exploitable entry points into such equipment; this is beyond belief.
