brycewade
Jan 13, 2020Follower
Firmware upgrade for Cable Haunt vulnerability on CM1000?
With the recent announcement of the Cable Haunt vulnerability (see https://cablehaunt.com/) and the inclusion of the CM1000 modem on the list of affected devices, is there an updated firmware availabl...
FURRYe38
Jan 14, 2020Guru - Experienced User
Most and ALL cable modem FW comes from the cable modem Mfr. Then passes to the ISPs for their continued testing and certification. Once they certify that it works on their network, then they are the ones who push it out to the connected modems. Users will not ever see FW updates they can update themselves. Updates will always come from the ISP!!!
Also, some ISPs don't or won't update user-owned modems. So you'll need to ask your ISP about this.
For this problem however, the chipset Mfr, i.e. Broadcom, has to make the change. Then they will pass it to the cable modem Mfrs for integration. Then the process starts again with the cable modem Mfrs passing to the ISPs for testing and certification.
Users will need to wait and be patient while the chipset Mfr reviews, tests and fixes this problem. Broadcom has made no announcement acknowledging the problem that I can tell. All we can do is wait for the fix to eventually come thru. When and if it does.
So don't bother trying to get anything from NG. They have to wait for the fix to come from Broadcom.
I hope Broadcom processes all this faster than Intel did with the Puma issue. Took years for Intel to acknowledge the problem and come out with fixes. :smileyfrustrated:
BE PATIENT!
Kepkep
Jan 17, 2020Aspirant
Broadcom actually released the patch in May of 2019.
Bottom of article in the “updates” section:
https://www.theregister.co.uk/2020/01/10/broadcom_cable_haunt_vulnerability/
- FURRYe38Jan 17, 2020Guru - Experienced User
Also states:
"We also asked the researchers whether the chip slinger's fix in May last year fully addressed the discovered vulnerability. They told us:
We have heard from Broadcom that they updated their reference software around that time, and we have no reason to believe otherwise. However we do not have access to this code or the previous version. We have only been able to see the binary firmware which the manufacturers deploy, so we can not confirm it.
Due to the nature of reference software, it is not necessarily easily forwarded to the manufacturers, and we have no way of knowing for sure, if a manufacturer updated with the reference software or of their own accord.
We have not been able to get any worthwhile estimates of the units actually affected worldwide, however we are getting hundreds of emails from users reporting their modem vulnerable, and are constantly updating our website with this information."