Author Topic: Motorola Modem Own Goal  (Read 322 times)

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
Motorola Modem Own Goal
« on: April 10, 2015, 09:58:34 pm »
This is borderline criminal in today's online environment  :ugly:

http://www.theregister.co.uk/2015/04/09/no_moto_surfboard_modem_has_hardcoded_creds/

Quote
Researchers at Rapid7 have turned up a set of typically dumb vulnerabilities in Motorola's DOCSIS/EuroDOCSIS 3.0-capable SURFboard SBG 6580 cable broadband modem. The device, which also ships under the Arris brand, has vulnerabilities including hardcoded login credentials that will allow an outside attacker to take control of the kit.

The three vulnerabilities are:

    A cross-site request forgery tagged CVE-2015-0965 that lets an arbitrary site log in without the user's knowledge;
    At least one hard-coded backdoor, CVE-2015-0966, letting “technician” log in with the password yZgO8Bvj; and
    A cross-site scripting vulnerability in the firewall config page, CVE-2015-0964, letting attackers inject JavaScript to do pretty much anything they want.

Arris is the Motorola spin-off carrying the cable modem business. It recently won a lucrative deal in Australia to supply product for the HFC part of the network.

I myself can't understand how anyone could believe they are a professional network engineer / designer and allow these types of exploitable entry points into such equipment; this is beyond belief.
