Ranljivost Cable Haunt (tarča so kabelski modemi)

Cable Haunt is a critical vulnerability found in cable modems from various manufacturers across the world. The vulnerability enables remote attackers to execute abitrary code on your modem, indirectly through an endpoint on the modem. Your cable modem is in charge of the internet traffic for all devices on the network. Cable Haunt might therefore be exploited to intercept private messages, redirect traffic, or participation in botnets.

The vulnerable endpoint is exposed to the local network, but can be reached remotely due to improper websocket usage. Through malicious communication with this endpoint, a buffer overflow can be exploited to gain control of the modem.

There are an estimated 200 million cable modems in Europe alone. With almost no cable modem tested being secure without a firmware update, the number of modems initially vulnerable in Europe is estimated to be close to this number. However, it is tough to give a precise estimate of the reach of Cable Haunt.

Cable Haunt is exploited in two steps. First, access to the vulnerable endpoint is gained through a client on the local network, such as a browser. Secondly the vulnerable endpoint is hit with a buffer overflow attack, which gives the attacker control of the modem.

Once control has been achieved by an attacker, it can be abused in many ways. Some examples are:

• Change default DNS server
• Conduct remote man-in-the-middle attacks
• Hot-swap code or even the entire firmware
• Upload, flash, and upgrade firmware silently
• Disable ISP firmware upgrade
• Change every config file and settings
• Get and Set SNMP OID values
• Change all associated MAC Addresses
• Change serial numbers
• Be exploited in botnet