Categories: Blog

New exploit affects 200 million+ cable modems worldwide

“Cable Haunt” Exploit: what you need to know, and steps to protect yourself.

What is “Cable Haunt”?

Earlier this month, Lyrebirds, a security research group discovered an exploit which likely affects hundreds of millions of cable modems worldwide. They have dubbed it “Cable Haunt”, AKA CVE-2019-19494.

If you’re successfully attacked, your attackers are given full remote access to your modem and all the traffic flowing through it. This could include intercepting private communication, redirecting traffic, and even tell the modem to ignore system updates.

Who is affected?

So far, researchers have not found evidence of attackers using the exploit in the wild, but warn that it would be very easy to hide evidence of the attack. Because it’s still a relatively difficult exploit to take advantage of, Lyrebirds believes that the average consumer won’t be targeted by the exploit (until “easy-to-use” exploit kits are developed and gain popularity).

As of January 15, 2020, the Cable Haunt exploit has been found affecting cable modems made by Netgear, Arris, COMPAL, Technicolor, and more. The flaw originates in Broadcom reference software, which has appeared in fairly common firmware for many household cable modems used worldwide.

Models known to be affected include:

Arris Surfboard CM8200A
Arris Surfboard SB6183
Arris Surfboard SB8200
COMPAL 7284E
COMPAL 7486E
Humax HGB10R-02
Netgear C6250EMR
Netgear CG3700EMR
Netgear CM1000
Sagemcom F@st 3686
Sagemcom F@st 3890
Technicolor TC4400
Technicolor TC7230
Technicolor TC7300

*some firmware versions of those models might not be at risk

What steps should I take?

This attack is unique in that the average consumer doesn’t have access to update or fix their own modems (only routers). Due to that issue, there’s more pressure on internet service providers to roll out an update to address the problem. Many American ISPs have stated that they’re testing for the vulnerability now, and working on plans to mitigate anything they find.

If you think your modem is affected and you’re worried about getting it resolved quickly we recommend you reach out to your ISP directly to ask them about the status of the Cable Haunt fix.

If you’re tech-savvy and curious, this article has some steps you can take to learn if your specific device is affected, and Lyrebirds’ official page for Cable Haunt is being updated with much more in-depth information on the exploit as news comes to surface.

Sources:

https://cablehaunt.com/

https://www.tomsguide.com/news/cable-haunt-modem-flaw

https://threatpost.com/cable-haunt-remote-code-execution/151756/

Garrett Wenger

Garrett Wenger is a storyteller and marketer at Newmind Group, and a native to Kalamazoo, MI. He received his BFA in English Literature from Western Michigan University, and has heritage in Southwest Michigan’s creative writing community. He published his first book of poetry in late 2013, and he has been featured in numerous literary journals.