Menu
Reply
Highlighted
  • 1
  • 0
  • 0
Joining in
1,251 Views
Message 1 of 7
Flag for a moderator

Cable Haunt issue

I just heard about the Cable Haunt vulnerability issue with most cable modems. Is anyone at virgin media looking into this vulnerability?

BR

John

 

 

0 Kudos
Reply
Highlighted
  • 61
  • 5
  • 2
Dialled in
1,241 Views
Message 2 of 7
Flag for a moderator
Helpful Answer

Re: Cable Haunt issue

IIRC, the exploit impacts routers with Broadcom CPU's.


I know the SH3 and SH4 are intel powered, how about the older routers?

0 Kudos
Reply
Highlighted
  • 14.73K
  • 620
  • 1.42K
Alessandro Volta
1,216 Views
Message 3 of 7
Flag for a moderator

Re: Cable Haunt issue

It would seem VM for the super hub 1 has blocked off port 8080 to 192.168.100.1 on the hub to not have that vulnerability.

You can have a firewall to only allow only port 80 and ICMP to 192.168.100.1 to not have this problem.

the attack is from your LAN by a browser by your end not remotely by WAN side

---------------------------------------------------------------
0 Kudos
Reply
Highlighted
  • 12
  • 0
  • 3
On our wavelength
1,111 Views
Message 4 of 7
Flag for a moderator

Re: Cable Haunt issue

This isn't solved. This a mitigation that most of the customers will struggle to implement.

This issue has been known about by ISPs since MAY 2019, the fix has been published a requires a firmware which can only be done by the ISP. Which I suspect there will be reluctance as this causes an outage for ~1hr. But if the bad guys get in first they can upload their own firmware which will lock out the ISP..  What are you planning to do about this?

Exploit code is already available if you search for it..  I don't think this can be ignored.

https://cablehaunt.com 

 

 

 

 

 

0 Kudos
Reply
Highlighted
  • 2.51K
  • 157
  • 657
Problem sorter
1,088 Views
Message 5 of 7
Flag for a moderator

Re: Cable Haunt issue

Do we know which (if any) VM routers are affected? Hub 3 and Hub 4 definitely aren't, neither is the SH2ac which was a Puma 5. Not sure about the original SH2 and SH1.

0 Kudos
Reply
Highlighted
  • 31.31K
  • 1.63K
  • 5.47K
Very Insightful Person
Very Insightful Person
1,079 Views
Message 6 of 7
Flag for a moderator

Re: Cable Haunt issue

the SH1 and 2 are EOL so they will not get patched even if they are effected.

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply
Highlighted
  • 7.54K
  • 260
  • 1.91K
Community Manager
Community Manager
701 Views
Message 7 of 7
Flag for a moderator

Re: Cable Haunt issue

Hi everyone,

As you’d expect, we regularly test our equipment in light of new security developments. Following further investigation we can confirm that we are not exposed to these issues on our product portfolio.

Kev

The do's and don'ts. Keep the community welcoming for all. Follow the house rules


0 Kudos
Reply