Arris handling modem DNS issue with firmware update

Arris said it's addressing a vulnerability in its SurfBoard 6141 DOCSIS 3.0 modems with a firmware update.

"We are in the process of working with our service provider customers to make this release available to subscribers," company spokeswoman Jeanne Russo told FierceCable. "We take product performance very seriously. We work actively with security organizations and our service provider customers to quickly resolve any potential vulnerabilities to protect the subscribers who use our devices."

A report in the IT forum seclists.org had identified the Arris cable modem as being vulnerable to denial of service attacks. 

"It is also possible to factory reset the modem with a simple unauthenticated URL," the report said. "This causes a longer outage while the modem renegotiates with the ISP — which can in certain cases even require calling the ISP to initiate the reactivation."

Arris disputes the report that more than 135 million SB6141 units are impacted.

In November, a Brazilian security analyst documented multiple backdoors allowing remote access to Arris cable modems.

"While researching on the subject, I found a previously undisclosed backdoor on Arris cable modems, affecting many of their devices including TG862A, TG862G, DG860A," said Bernardo Rodriques on his personal blog. "As of this writing, Shodan [search engine] searches indicate that the backdoor affects over 600,000 externally accessible hosts and the vendor did not state whether it's going to fix it yet."

Arris is a leading manufacturer of cable modems, selling its devices to Comcast (NASDAQ: CMCSA), Time Warner Cable (NYSE: TWC), Charter Communications (NASDAQ: CHTR) and Cox Communications. 

For more:
- read this seclists.org report
- read this Digital Trends story

Related articles:
Arris says security threat posed by reported cable modem backdoor is 'low'
Some Arris cable modems reportedly can be hacked through back door

Suggested Articles

There is no one size fits all strategy when it comes to using multi-CDNs to deliver video.

4KUniverse, an Ultra HD general entertainment channel in North America, is planning a streaming service while it also eyes nationwide expansion for its cable…

Data services company LiveRamp is acquiring neutral third-party ad measurement firm Data Plus Math in a deal reportedly valued at $150 million – $120 million…