Cable Haunt Vulnerability Exposes Modems to Remote Attacks

(Image credit: Shutterstock)

Researchers today revealed Cable Haunt, a security vulnerability that affects modems from numerous manufacturers, and said it could affect hundreds of millions of modems in Europe alone. Unfortunately, there's little consumers can do about the issue.

According to the researchers, hackers could exploit Cable Haunt to "intercept private messages, redirect traffic, or [participate] in botnets." It turns out the vulnerability itself is exposed to a local network, but due to "improper websocket usage" it can be remotely exploited, even though it should have been limited to localized attacks.

Cable Haunt is said to affect modems from at least four different manufacturers. Those companies appear to share some code with each other, which is why the vulnerability is present in various products. That also makes it hard to guess how many modems are actually affected by the vulnerability. 

The researchers explained:

"There are an estimated 200 million cable modems in Europe alone. With almost no cable modem tested being secure without a firmware update, the number of modems initially vulnerable in Europe is estimated to be close to this number. However, it is tough to give a precise estimate of the reach of Cable Haunt. The reason for this is that the vulnerability originated in reference software, which has seemingly been copied by different cable modems manufacturers when creating their cable modem firmware. This means that we have not been able to track the exact spread of the vulnerability and that it might present itself in slightly different ways for different manufacturers."

The researchers reportedly contacted numerous companies with information about Cable Haunt but had limited success. Some companies released firmware updates to defend their modems, and others didn't respond at all. That's why the researchers urged consumers to ask their modem's manufacturer if they're vulnerable.

Branding the vulnerability when many companies have yet to defend against it might seem ill-advised. The researchers explained on the Cable Haunt website that they felt compelled to gain as much attention as possible, however, because otherwise they wouldn't be able to effect meaningful change on the necessary scale.

Cable Haunt isn't limited to a single company's modems, and the software flaws that led to the vulnerability aren't managed by a single entity, either. Enlisting potentially affected consumers in efforts to force manufacturers to defend against the vulnerability might have been the only option available to Cable Haunt's discoverers.

The researchers set up an FAQ explaining the vulnerability's discovery and disclosure. They also compiled lists of modems known to be affected by the vulnerability or to have been secured against it. Now it's up to modem companies to fix the problem.

Affected Modems Confirmed by ISPs

Swipe to scroll horizontally
ModelFirmware Version Port
Sagemcom F@st 3890 50.10.19.* 6080
Sagemcom F@st 3686 SIP_3.428.0-* 6080
Technicolor TC7230 STEB 01.25 8080
Netgear C6250EMR V2.01.05 8080
Sagemcom F@st 3890 05.76.6.3a unknown
Sagemcom F@st 3686 4.83.0 unknown
COMPAL 7284E 5.510.5.11 unknown
COMPAL 7486E 5.510.5.11 unknown
Netgear CG3700EMR V2.01.058080

Other Affected Modems

ISPs haven't confirmed that these modems are vulnerable, but the researchers said their community has. 

Swipe to scroll horizontally
ModelFirmware Version Port
Technicolor TC4400 SR70.12.33-180327 8080
Arris Surfboard SB8200 0200.174F.311915 8080
Arris Surfboard CM8200A unknownunknown
Arris Surfboard SB6813­ D30CM-OSPREY-1.5.2.5-GA-00-NOSH unknown
Netgear CM1000* V6.01.02 8080
Humax HGB10R-02­ BRGCAB 1.0.03­ 8080
Technicolor TC7300­ STF3.31.11­ 8080
Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.