***** If you think my answer has helped - please provide me with a Kudos rating and mark as Helpful Answer!! I do not work for Virgin Media - all opinions expressed are of my own and all answers are provided from my own and past experiences. Office 365, Dynamics CRM and Cloud Computing Jedi
the vulnerability affects cable modems using chipset designer Broadcom's software running on the open-source Embedded Configurable Operating System (eCos)
the vulnerability originated in [Broadcom's] reference software, which have seemingly been copied by different cable modems manufacturers, when creating their cable modem firmware,
So, which VM routers are Broadcom chipset based? Could VM issue a list of their cable modem versions that are vulnerable?
While there are certainly people here who can answer your questions you need to appreciate certain realities.
Firstly, VM tends to take existing devices from 'decent' manufacturers, and then often re-write it entirely . . Often this is the cause of so many posts here, especially historically on older models. There are plenty of tiny pc's on ebay, often adapted and refurbished windows terminals on ebay which can be easily installed with a firewall/router package like Pfsense or similar.
Follow this route and you get high end security and many more useful functions, like built-in vpns, and the like.
This is a complex subject, but being secure beyond a certain level tends to need one being better informed.
Secondly, many vulnerabilities are 'known' long before they're published. This gives manufacturers time to provide and for resellers to release patches. This varies, I admit, but a good example, if rather different, is where Microsoft publishes its monthly Windows update code to large corporate customers a week before us 'unwashed masses' see them to allow time for testing in widely varying environments.
News sites, as with newspapers need exciting or perhaps shocking stories to bring in advertising and readers. There are many such vulnerabilities out there, and few have actually been exploited in the real world. For one, what value is there in messing with your router settings?
Of course some are, especially where users or companies persist in using outdated operating systems, such as Windows 7 (or worse) and examples of ransom ware attacks, especially on the NHS, tend to highlight this.
Ultimately, keep your pc patched, reboot when prompted, and install good antivirus and Firewall software. Nowadays, the latter prevents nasty code leaving your pc, not just getting in. Consider placing your hub in bridge/modem mode and use a decent router or better still an old multi-interface pc running a Linux based firewall in its place.
Basic security is common sense. If you know enough to justifiably be worried by such stories, you probably know enough to take better precautions.
AndyBundy ----------------- I don't work for VM. I am medically 'retired' after working for a large multi-national Telco and have spent fifteen years in WAN/LAN IP Networking, Network Management and IT Support.
Thanks also for the advice to use a third party security device to protect my LAN, which I already do. So I think (NEVER know for sure ☹ ), that my internal LAN is quite well protected. I agree that vulnerabilities are known about by major manufacturers well in advance of publication. This has been the case with this vulnerability but this site… https://cablehaunt.com/ has now published its proof of concept for an attack into the wild, together with the full technical report and test script. The news site “The Reg” is only one of the sites carrying this story, others include Zdnet, SecurityWeek Forbs and others so it’s not just an exciting headline in a backwater publication.
Also, patching and updating your PC will not protect you from this attack as it’s implemented as a Man-In-The-Middle exploit in the router not the PC so all UNENCRYPTED traffic between the LAN and the outside world is potentially compromised.
So, back to the main question. Which VM routers are Broadcom chipset based? Could VM issue a list of their cable modem versions that are vulnerable?