Security Notice – Arris Cable Modem Back Door
As your network security partner, we are compelled to notify you of any major industry developments. The Arris Cable Modems have a serious vulnerability for remote attacks. A previously undisclosed backdoor on ARRIS cable modems, affecting many of their devices including: TG862A, TG862G, DG860A. As of this writing, Shodan searches indicate that the backdoor affects over 600,000 externally accessible hosts and the vendor did not state whether it’s going to fix it yet. Shodan makes it too easy to detect and identify devices susceptible to a vulnerability without even scanning for it. The results are instant and almost undetectable for an incoming attack. I know these modem’s are used by Time Warner Cable especially.
Any Arris cable modem in transparent bridge mode connected to a firewall device should not be affected by this security risk, because the modem configuration interfaces are disabled and not world accessible. There currently is no firmware patch from the manufacturer to fix this issue.
For more information please see the following articles:
https://w00tsec.blogspot.com/2015/11/arris-cable-modem-has-backdoor-in.html
If you need any further details or information please let us know. Please feel free to forward this notice to any industry professional. Our goal is if we can mitigate these type of issues before they occur, we can help prevent a massive disruption event.