Cable Haunt: 200,000,000+ Cable Modems Across May Be Vulnerable

A group of Danish security researchers have discovered a vulnerability in Cable Modems in Europe and potentially worldwide that leverages a function of Broadcom chips called the spectrum analyzer. Spectrum Analyzer is a debugger tool usually only available on the internal network. But the researchers say they’ve discovered more ways to allow access to an endpoint. Theoretically this could allow for some social engineering including a remote MIT (man in the middle attack), through a browser as well as other ways to compromise an endpoint.

Accessing the Endpoint

The endpoint, which serves a tool called spectrum analyzer, uses a websocket for communication with the graphical frontend displayed in a browser. Whereas CORS would restrict access to such an endpoint for HTTP requests, websocket is not protected by this protocol. Therefore, it is up to the server to verify the relevant request parameters added by the browser. Because these parameters are never inspected by the cable modem, the websocket will accept requests made by javascript running in the browser regardless of origin, thereby allowing attackers to reach the endpoint. It should be noted that the exploit is not limited to run in a browser. Any place where running code can reach an IP on the local network, can be used to exploit Cable Haunt.

Full research at Cable Haunt site here:

https://cablehaunt.com


Featured Webinars


Advanced Phishing and
Training

Monday 1:30 PM – 2:30 PM
» Learn More
Outlook Phish Alert Button
Tuesday 1:30 PM – 2:30 PM
» Learn More
Customizing Phishing Templates, Landing Pages, & Training Notifications
Wednesday 1:30 PM – 2:30 PM
» Learn More
Active Directory Integration
(ADI) Setup

Thursday 1:30 PM – 2:30 PM
» Learn More
Gold/Platinum/Diamond
Features

Friday 1:30 PM – 2:30 PM
» Learn More

Privacy Policy | Terms of Service