brycewade
Jan 13, 2020 Follower
Firmware upgrade for Cable Haunt vulnerability on CM1000?
With the recent announcement of the Cable Haunt vulnerability (see https://cablehaunt.com/) and the inclusion of the CM1000 modem on the list of affected devices, is there an updated firmware availabl...
jvroom
Jan 13, 2020 Initiate
Thanks for this helpful info.
I will add Netgear CM500 to the list of cable modems vulnerable to Cable Haunt (I have firmware V1.01.12). If I navigate to 192.168.100.1 and log in with admin/password, I get to an admin interface on the cable modem. If I navigate to 192.168.100.1:8080, I get to the problematic "spectrum" web screen that gives stats to the cable company about your modem's performance. Neither screen lets me add security and from what I understand the 8080 server allows websocket connections directly from a web-browser session. That will allow a hacker to take over the cable router and run their own code there just by visiting a bad website, or a website with a bad advertisement.
I believe the right workaround for now is to block access to the admin for the cable modem from your LAN. I have an Orbi router in front and found that adding a static route for ip address: 192.168.100.1 with netmask 255.255.255.255 and metric 2 and gateway as my gateway (192.168.1.1) prevents the browser from getting to those sites now.
Jeff
linuxnutt
Jan 18, 2020 Aspirant
Just a quick question: in connecting to the CM500 "spectrum" web screen/page at http://192.168.100.1:8080, typically is there a default password to connect, as I've changed my admin password from the unsecure user "admin" and "password" credentials to a more secure one? Yet when I try to use the default password or my changed admin password to connect to http://192.168.100.1:8080, I'm not able to connect.
In addition I'll add here, for Linux firewall users, how to block access to your cable modem using null routes to blackhole the 192.168.100.1 IP. I spent a long minute trying to find this solution ( :-) ) and it's really very easy; you don't need to add an iptables rule to your firewall.
My network setup: Internet--ISP--Cable Modem--Smoothwall Firewall--Internal Network. On the firewall, add a null route to blackhole the cable modem IP address (192.168.100.1). Here is a reference for specific how-to setup and remove details - nixcraft, "How Do I Drop or Block Attackers IP Address with Null Routes on a Linux", https://www.cyberciti.biz/tips/how-do-i-drop-or-block-attackers-ip-with-null-routes.html. I've done it and the cable modem access from the internal network is blocked. This should help until Broadcom, modem manufacturers and your ISP come up with a firmware fix for Cable Haunt. If you need to reconnect to the cable modem for some reason, simply remove the null route block.
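Added example (not part of any post in this thread): a small Python check to run from a LAN client after applying either the Orbi static route or the Linux null route described above, to confirm the modem's web ports no longer answer. The function names `probe`, `audit` and `mitigated` are hypothetical, and port 80 for the admin page is an assumption based on the plain `192.168.100.1` address given in the thread.

```python
#!/usr/bin/env python3
"""Verify from a LAN client that the cable modem's web ports are unreachable."""
import socket
import sys

MODEM_IP = "192.168.100.1"  # modem management address named in the thread
PORTS = (80, 8080)          # assumed admin page port, and the "spectrum" page port


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'blocked'.

    open    - handshake completed, so the route block is not in effect
    closed  - connection refused (RST), so packets still reach the host
    blocked - timeout or unreachable error, consistent with a null route
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # Covers socket.timeout, EHOSTUNREACH, ENETUNREACH and the EINVAL
        # that a local blackhole route returns on the firewall itself.
        return "blocked"
    finally:
        sock.close()


def audit(host=MODEM_IP, ports=PORTS, timeout=3.0):
    """Probe every port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def mitigated(results):
    """True only if no probed port got any answer from the modem."""
    return all(state == "blocked" for state in results.values())


if __name__ == "__main__":
    results = audit()
    for port, state in sorted(results.items()):
        print(f"{MODEM_IP}:{port} -> {state}")
    if not mitigated(results):
        print("Modem is still reachable from this host; re-check the route.")
        sys.exit(1)
    print("No response from the modem on the tested ports.")
```

Run it from a machine on the internal network, not only on the firewall, since a route on the firewall can behave differently for forwarded traffic than for locally generated traffic.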
- FURRYe38 Jan 18, 2020 Guru - Experienced User
I've changed the PW on my CM1100 and I can still access the analyzer page using the PW I set for the modem's main web page.
linuxnutt wrote: Just a quick question: in connecting to the CM500 "spectrum" web screen/page at http://192.168.100.1:8080, typically is there a default password to connect, as I've changed my admin password from the unsecure user "admin" and "password" credentials to a more secure one? Yet when I try to use the default password or my changed admin password to connect to http://192.168.100.1:8080, I'm not able to connect.
In addition I'll add here, for Linux firewall users, how to block access to your cable modem using null routes to blackhole the 192.168.100.1 IP. I spent a long minute trying to find this solution ( :-) ) and it's really very easy; you don't need to add an iptables rule to your firewall.
My network setup: Internet--ISP--Cable Modem--Smoothwall Firewall--Internal Network. On the firewall, add a null route to blackhole the cable modem IP address (192.168.100.1). Here is a reference for specific how-to setup and remove details - nixcraft, "How Do I Drop or Block Attackers IP Address with Null Routes on a Linux", https://www.cyberciti.biz/tips/how-do-i-drop-or-block-attackers-ip-with-null-routes.html. I've done it and the cable modem access from the internal network is blocked. This should help until Broadcom, modem manufacturers and your ISP come up with a firmware fix for Cable Haunt. If you need to reconnect to the cable modem for some reason, simply remove the null route block.