Arris handling modem DNS issue with firmware update

Arris said it's addressing a vulnerability in its SurfBoard 6141 DOCSIS 3.0 modems with a firmware update.

"We are in the process of working with our service provider customers to make this release available to subscribers," company spokeswoman Jeanne Russo told FierceCable. "We take product performance very seriously. We work actively with security organizations and our service provider customers to quickly resolve any potential vulnerabilities to protect the subscribers who use our devices."

A report in the IT forum seclists.org had identified the Arris cable modem as being vulnerable to denial of service attacks. 

"It is also possible to factory reset the modem with a simple unauthenticated URL," the report said. "This causes a longer outage while the modem renegotiates with the ISP — which can in certain cases even require calling the ISP to initiate the reactivation."

Arris disputes the report that more than 135 million SB6141 units are impacted.

In November, a Brazilian security analyst documented multiple backdoors allowing remote access to Arris cable modems.

"While researching on the subject, I found a previously undisclosed backdoor on Arris cable modems, affecting many of their devices including TG862A, TG862G, DG860A," said Bernardo Rodriques on his personal blog. "As of this writing, Shodan [search engine] searches indicate that the backdoor affects over 600,000 externally accessible hosts and the vendor did not state whether it's going to fix it yet."

Arris is a leading manufacturer of cable modems, selling its devices to Comcast (NASDAQ: CMCSA), Time Warner Cable (NYSE: TWC), Charter Communications (NASDAQ: CHTR) and Cox Communications. 

For more:
- read this seclists.org report
- read this Digital Trends story

Related articles:
Arris says security threat posed by reported cable modem backdoor is 'low'
Some Arris cable modems reportedly can be hacked through back door

WHITEPAPER

How To Lower the Cost of Ownership of Your Cable Access Network

This white paper presents a cost analysis of a virtualized cable modem termination system (CMTS) deployed in a distributed access architecture (DAA). Learn how to eliminate traditional CMTS constraints, efficiently enhance your network performance and more.

Suggested Articles

WarnerMedia scored a key HBO Max distribution deal with Comcast just as it launched in May. Nearly six months later, there still isn’t an app.

How can we defend ourselves? Mostly, it’s a matter of common sense.

Comcast is planning new data caps and video service price increases for its subscribers in 2021.