brycewade
Jan 13, 2020 Follower
Firmware upgrade for Cable Haunt vulnerability on CM1000?
With the recent announcement of the Cable Haunt vulnerability (see https://cablehaunt.com/) and the inclusion of the CM1000 modem on the list of affected devices, is there an updated firmware availabl...
dallas77us
Jan 13, 2020 Aspirant
@jvroom
When I navigate to 192.168.100.1:8080 on my CM500, v1.01.11, I'm prompted for login credentials which I haven't yet tried to enter. I assume the username and password are the same as for the port 80 login.
I wonder, then, how the Cable Haunt exploit can be enabled if credentials are needed.
Were you prompted? Is there a "logout" to click to get out of it?
Thanks!
jvroom
Jan 13, 2020 Initiate
I was prompted only for the default port (80) and entered 'admin' and 'password'. The 8080 port (spectrum) did not ask for credentials... from the CableHaunt report, it's not secured for your 'LAN' by design, so the cable company can access that information from their systems.
Jeff
- dallas77us Jan 14, 2020 Aspirant
Thanks for the reply.
I should have been more specific as I meant the port 80 credentials.
I understand, then, for the modem owner, opening this spectrum web screen to look around is otherwise harmless and...
There's a "logout" to click? Yes? No? Cheers.
- FURRYe38 Jan 14, 2020 Guru - Experienced User
No, that's one thing we don't see on the analyzer page is a log in or log out screen. Not sure if even having a PW put on this page will prevent hackers or not. Right now, a hacker needs to be on the LAN side of the modem to do something nefarious. Hopefully Broadcom will close this hole soon.