SoylentNews is people
SoylentNews
Submitted via IRC for SoyCow1937
Security researchers have found five gaping holes in the firmware running on Arris modems, three of which are hardcoded backdoor accounts.
An attacker could use any of these three accounts to access and take over the device with elevated privileges — even root — install new firmware, and ensnare the modem in a larger botnet.
The vulnerabilities came to light after a review of the Arris firmware carried out by experts from Nomotion Labs.
According to Nomotion, the flaws are found in both the standard Arris firmware, but also in the extra code added on top by OEMs. In their research, experts looked at an Arris modem installed on the network of AT&T.
Researchers said the flaws affect NVG589 and NVG599 modems. Both models aren't available through the Arris website and appear to be discontinued products. Based on Censys and Shodan data, researchers believe there are at least 220,000 of these vulnerable modems connected online.
[...] For owners of said devices, Nomotion has published basic self-mitigation instructions that device owners and ISPs can use to block access to the backdoors and fix some of the flaws. The self-mitigations are available at the end of the Nomotion report.
(Score: 3, Informative) by coolgopher on Thursday September 07 2017, @03:40AM
Never let your modem get an IP address on its WAN interface - use the modem as just that, a modem, not a router. Hook up a real router or firewall behind it, and let it do the PPPoE, PPPoA or whatever sign-in is needed. Configure a static IP with no gateway on the modem's LAN interface for admin purposes.