If you have one of these cable modems..
-
Arris SB6190
Arris TG1672G
Arris TM1602
Super Hub 3 (Arris TG2492LG) (commonly - virgin media)
Hitron CGN3 / CDA / CGNV series modems:
Hitron CDA-32372
Hitron CDE-32372
Hitron CDA3-35
Hitron CGNV4
Hitron CGNM-3552 (commonly - Rogers)
Hitron CGN3 (eg CGN3-ACSMR) 2013 link
Hitron CGNM-2250 (commonly - Shaw)
Linksys CM3024
Linksys CM3016
TP-Link CR7000
Netgear AC1750 C6300 AC1900
Netgear CM700
Telstra Gateway Max (Netgear AC1900 / C6300) (Australia) 2014 link.
Cisco DPC3848V (eg »High latency/ping to Shaw router? )
Cisco DPC3941B / DPC3941T (commonly - Comcast Xfinity XB3)
Cisco DPC3939
Compal CH7465-LG / Arris TG2492LG (commonly - Virgin Media Hub 3)
Samsung "Home Media Server"Read This- http://www.dslreports.com/forum/r31122204-SB6190-Puma6-TCP-UDP-Network-Latency-Issue-Discussion Before you blame anything else on your network for erratic pings and lost packets..
-
And on top of that, the netgear models have a firmware bug that allows them to be broken into, and controlled remotely. To my knowledge it has not been patched yet in 90% of the models. They claimed the issue only affected a small group of models, but we discovered it affects pretty much all of them. Allows a remote attacker to reset the admin password, then login as normal, and used in conjunction with another exploit, they can get shell access and use the modem to do evil things.
Also affects lenovo modems, but those are pretty rare, they are made by netgear, and use netgear firmware with the logos and graphics swapped out.
At the time of discovery netgear did not have the C6300 listed as affected, but we confirmed it is ourselves when we used the proof of concept on it, and were able to reset the password. Any of the models that have the GENIE interface are 100% affected, and some others as well.
-
Turns out these are worse than originally thought..
https://www.dslreports.com/forum/r31380651-
There is some pertinent information these last couple of days before this post but this pretty much says it all. These models are done.
-
This is quite a revelation, i use a Netgear C6300.
-
the C6300 has a firmware flaw allowing it to be broken into remotely, and used as a zombie/botnet drone.
-
Should i consider replacing it with something else?
-
I would say so. If you are vulnerable, then either fix the problem or replace the hardware.
If your manufacturer released updated firmware, then it might fix the problem. -
I recommend replacing a c6300 with a Standard Modem, not a modem/router combo, and put a pfsense behind it.
-
Wonder if the NetGear vulnerability allows DOCSIS certs to be cloned and that like?
:D
A friend and I found some vulnerabilities in the Hitrons a while back. Sadly not remotely exploitable but they did allow root shell access.
-
http://www.badmodems.com/