Three Hardcoded Backdoor Accounts Discovered in Arris Modems

frogboy

Security researchers have found five gaping holes in the firmware running on Arris modems, three of which are hardcoded backdoor accounts.

An attacker could use any of these three accounts to access and take over the device with elevated privileges — even root — install new firmware, and ensnare the modem in a larger botnet.

The vulnerabilities came to light after a review of the Arris firmware carried out by experts from Nomotion Labs.

According to Nomotion, the flaws are found both in the standard Arris firmware and in the extra code added on top by OEMs. In their research, experts looked at an Arris modem installed on the network of AT&T.

Researchers said the flaws affect NVG589 and NVG599 modems. Both models aren't available through the Arris website and appear to be discontinued products. Based on Censys and Shodan data, researchers believe there are at least 220,000 of these vulnerable modems connected online.

Below is a summary of all the flaws researchers discovered:

Backdoor #1
Modems come with SSH enabled by default and exposed to external connections. Attackers could use the default "remotessh/5SaP9I26" username and password combo to authenticate on any modem with root access — this means an attacker can do whatever he wants on the device.

Full article: Three Hardcoded Backdoor Accounts Discovered in Arris Modems