Menu
What's new
By:
Filters Better Search

SB6141 - Vulnerable to Cross Site Forgery Attacks

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Yep this is being talked about on other forums and most likely at least for comcast the modem will be EOL'ed they have already done this with the rental version of the 6141. Also the 6121 also has the same issue but has already been put at end of life status by comcast. Not sure what other providers plan to do.
 
EOL doesn't mean End of Support, esp. when there are over a 135M devices at risk...
 
sfx2000 said:
EOL doesn't mean End of Support, esp. when there are over a 135M devices at risk...
Click to expand...

Like i said not sure what other providers might do. I know comcast seems to be in a hurry to get rid of 4x4 and some 8x4 modems and certainly all D-2 modems. Not sure who you have for an ISP but comcast here is set to roll out D-3.1 in my market before the end of this year. Time will tell i know one of the higher end employess from Arris i am sure by Monday he will have some word on this.
 
Arris has made the firmware fix available to the operators, so it's up to BigCable to push it out to devices...

In the interim, here's a quick IPTables entry to protect if one is paranoid...

Code: 
iptables -I FORWARD -d 192.168.100.1 -j DROP
iptables -I FORWARD -s x.x.x.x -d 192.168.100.1 -j ACCEPT
 
For those of us who own our Modem can we expect the benevolent cable company to patch our modems as well?
 
I think TWC has know about this for a while. When I upgraded my service to 300 meg several months ago the TWC guy brought me a Ubee modem. I asked about the Motorola modem. He said they had issues now and the Ubee is what we are going with now. You can still access the Ubee web page but there is no reboot available without putting in a password.

Since 192.168.100.1 is a private IP address the person rebooting your modem has to be on site and have access to your network with an IP address which works with your network.
 
coxhaus said:
I think TWC has know about this for a while. When I upgraded my service to 300 meg several months ago the TWC guy brought me a Ubee modem. I asked about the Motorola modem. He said they had issues now and the Ubee is what we are going with now. You can still access the Ubee web page but there is no reboot available without putting in a password.

Since 192.168.100.1 is a private IP address the person rebooting your modem has to be on site and have access to your network with an IP address which works with your network.
Click to expand...

The article I read said that the reboot was accomplished by tricking someone on your LAN to click a on file name, which in reality wasn't a file but was in fact a command sent to your modem forcing the reboot/reset.

This is partially a Window's issue because it doesn't warn you the the .jpg file you thought you were opening isn't a picture but a command to your modem.

The weakest link in security always seems to be the people.
 
KenZ71 said:
<sarcasm> oh, no my cable company treats me as if I were their best customer</sarcasm>

I suppose it could be fun to reboot a friend's modem while visiting and watching Netflix
Click to expand...

Just host a local webpage with the following links... that's all it takes - and it's not a windows problem, it's a browser problem..

Code: 
[I]<img src=”http://192.168.100.1/reset.htm”>[/I]
[I]
or

[I]http://192.168.100.1/cmConfigData.htm?BUTTON_INPUT1=Reset+All+Defaults[/I][/I]
 
coxhaus said:
Since 192.168.100.1 is a private IP address the person rebooting your modem has to be on site and have access to your network with an IP address which works with your network.
Click to expand...

That's not how Cross Site Forgery Works - it all plays on the local side inside the browser...

Since the person behind the keyboard is already on the private network, they have access to the Surfboard local/private IP...
 
sfx2000 said:
That's not how Cross Site Forgery Works - it all plays on the local side inside the browser...

Since the person behind the keyboard is already on the private network, they have access to the Surfboard local/private IP...
Click to expand...

Righty-o.

Assuming you are logged in, if I put a URL link in my post (image tag maybe?) to hxxp://192.168.100.1/PortForwarding.asp?add=true&extPort=27374&intPort=80&intIP=192.168.100.1 I could theoretically have access to your router.
 
sfx2000 said:
EOL doesn't mean End of Support, esp. when there are over a 135M devices at risk...
Click to expand...

Unless you're Quanta ;)

WARNING: the URL I posted is an horror story. Do not read it late at night.
 
Hmm, maybe that cable company that starts with Com and ends with st that we all like to bash is benevolent after all. I can no longer browse to 192.168.100.1

No patches to router so I must conclude the modem is patched.
 
You must log in or register to reply here.
Similar threads
Thread starter Title Forum Replies Date
P News Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack General Network Security 15
L&LD Citrix is vulnerable, applying patch isn't enough. 9.8 Rating General Network Security 2

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 648 (members: 33, guests: 615)
Top