Reboot flaw leaves millions of ARRIS SURFboard modems vulnerable

An unauthenticated reboot flaw has potentially left millions of ARRIS SURFboard modems vulnerable to a simple attack.

The bug exists in the SURFboard 6141 and SURFboard 5100 modems as a result of the devices' lack of authentication and their susceptibility to cross-site request forgery attacks, according to a Security for Real People blog post penned by researcher David Longenecker.

He said that the flaw makes it easy to remotely reboot a modem without even using a password.

He said an attacker can simply browse to the device's IP address from the local network to access both diagnostic data and the web user interface, which includes a reboot function.

ARRIS has reportedly updated the SB6141 firmware and is in the process of making it available to service providers since cable modems aren't “consumer-updateable.”

Longenecker recommended that users not click on unexpected or untrusted links until the flaw is patched.
