If you have one of these cable modems..



  • Arris SB6190
    Arris TG1672G
    Arris TM1602
    Super Hub 3 (Arris TG2492LG)  (commonly - virgin media)
    Hitron CGN3 / CDA / CGNV series modems:
    Hitron CDA-32372
    Hitron CDE-32372
    Hitron CDA3-35
    Hitron CGNV4
    Hitron CGNM-3552 (commonly - Rogers)
    Hitron CGN3 (eg CGN3-ACSMR) 2013 link
    Hitron CGNM-2250 (commonly - Shaw)
    Linksys CM3024
    Linksys CM3016
    TP-Link CR7000
    Netgear AC1750 C6300 AC1900
    Netgear CM700
    Telstra Gateway Max (Netgear AC1900 / C6300) (Australia) 2014 link.
    Cisco DPC3848V (eg »High latency/ping to Shaw router? )
    Cisco DPC3941B / DPC3941T  (commonly - Comcast Xfinity XB3)
    Cisco DPC3939
    Compal CH7465-LG / Arris TG2492LG (commonly - Virgin Media Hub 3)
    Samsung "Home Media Server"

    Read This-  http://www.dslreports.com/forum/r31122204-SB6190-Puma6-TCP-UDP-Network-Latency-Issue-Discussion    Before you blame anything else on your network for erratic pings and lost packets..


  • Banned

    And on top of that, the netgear models have a firmware bug that allows them to be broken into, and controlled remotely.  To my knowledge it has not been patched yet in 90% of the models.  They claimed the issue only affected a small group of models, but we discovered it affects pretty much all of them.  Allows a remote attacker to reset the admin password, then login as normal, and used in conjunction with another exploit, they can get shell access and use the modem to do evil things.

    Also affects lenovo modems, but those are pretty rare, they are made by netgear, and use netgear firmware with the logos and graphics swapped out.

    At the time of discovery netgear did not have the C6300 listed as affected, but we confirmed it is ourselves when we used the proof of concept on it, and were able to reset the password.  Any of the models that have the GENIE interface are 100% affected, and some others as well.



  • Turns out these are worse than originally thought..

    https://www.dslreports.com/forum/r31380651-

    There is some pertinent information these last couple of days before this post but this pretty much says it all.  These models are done.



  • This is quite a revelation, i use a Netgear C6300.


  • Banned

    the C6300 has a firmware flaw allowing it to be broken into remotely, and used as a zombie/botnet drone.



  • Should i consider replacing it with something else?



  • I would say so. If you are vulnerable, then either fix the problem or replace the hardware.
    If your manufacturer released updated firmware, then it might fix the problem.


  • Banned

    I recommend replacing a c6300 with a Standard Modem, not a modem/router combo, and put a pfsense behind it.



  • Wonder if the NetGear vulnerability allows DOCSIS certs to be cloned and that like?

    :D

    A friend and I found some vulnerabilities in the Hitrons a while back. Sadly not remotely exploitable but they did allow root shell access.