Cable Haunt Vulnerability Exposes Modems to Remote Attacks
Haunted Wi-Fi.
Researchers today revealed Cable Haunt, a security vulnerability that affects modems from numerous manufacturers, and said it could affect hundreds of millions of modems in Europe alone. Unfortunately, there's little consumers can do about the issue.
According to the researchers, hackers could exploit Cable Haunt to "intercept private messages, redirect traffic, or [participate] in botnets." It turns out the vulnerability itself is exposed to a local network, but due to "improper websocket usage" it can be remotely exploited, even though it should have been limited to localized attacks.
Cable Haunt is said to affect modems from at least four different manufacturers. Those companies appear to share some code with each other, which is why the vulnerability is present in various products. That also makes it hard to guess how many modems are actually affected by the vulnerability.
The researchers explained:
"There are an estimated 200 million cable modems in Europe alone. With almost no cable modem tested being secure without a firmware update, the number of modems initially vulnerable in Europe is estimated to be close to this number. However, it is tough to give a precise estimate of the reach of Cable Haunt. The reason for this is that the vulnerability originated in reference software, which has seemingly been copied by different cable modems manufacturers when creating their cable modem firmware. This means that we have not been able to track the exact spread of the vulnerability and that it might present itself in slightly different ways for different manufacturers."
The researchers reportedly contacted numerous companies with information about Cable Haunt but had limited success. Some companies released firmware updates to defend their modems, and others didn't respond at all. That's why the researchers urged consumers to ask their modem's manufacturer if they're vulnerable.
Branding the vulnerability when many companies have yet to defend against it might seem ill-advised. The researchers explained on the Cable Haunt website that they felt compelled to gain as much attention as possible, however, because otherwise they wouldn't be able to effect meaningful change on the necessary scale.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Cable Haunt isn't limited to a single company's modems, and the software flaws that led to the vulnerability aren't managed by a single entity, either. Enlisting potentially affected consumers in efforts to force manufacturers to defend against the vulnerability might have been the only option available to Cable Haunt's discoverers.
The researchers set up an FAQ explaining the vulnerability's discovery and disclosure. They also compiled lists of modems known to be affected by the vulnerability or to have been secured against it. Now it's up to modem companies to fix the problem.
Affected Modems Confirmed by ISPs
Model | Firmware Version | Port |
Sagemcom F@st 3890 | 50.10.19.* | 6080 |
Sagemcom F@st 3686 | SIP_3.428.0-* | 6080 |
Technicolor TC7230 | STEB 01.25 | 8080 |
Netgear C6250EMR | V2.01.05 | 8080 |
Sagemcom F@st 3890 | 05.76.6.3a | unknown |
Sagemcom F@st 3686 | 4.83.0 | unknown |
COMPAL 7284E | 5.510.5.11 | unknown |
COMPAL 7486E | 5.510.5.11 | unknown |
Netgear CG3700EMR | V2.01.05 | 8080 |
Other Affected Modems
ISPs haven't confirmed that these modems are vulnerable, but the researchers said their community has.
Model | Firmware Version | Port |
Technicolor TC4400 | SR70.12.33-180327 | 8080 |
Arris Surfboard SB8200 | 0200.174F.311915 | 8080 |
Arris Surfboard CM8200A | unknown | unknown |
Arris Surfboard SB6813 | D30CM-OSPREY-1.5.2.5-GA-00-NOSH | unknown |
Netgear CM1000* | V6.01.02 | 8080 |
Humax HGB10R-02 | BRGCAB 1.0.03 | 8080 |
Technicolor TC7300 | STF3.31.11 | 8080 |
Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.
USB-C cable CT scan reveals sinister active electronics — O.MG pen testing cable contains a hidden antenna and another die embedded in the microcontroller
Hackers breach Wi-Fi network of U.S. firm from Russia — daisy chain attack jumps from network to network to gain access from thousands of miles away