Menu
Reply
Highlighted
  • 1
  • 0
  • 0
Joining in
1,142 Views
Message 1 of 7
Flag for a moderator

Cable Haunt issue

I just heard about the Cable Haunt vulnerability issue with most cable modems. Is anyone at virgin media looking into this vulnerability?

BR

John

 

 

0 Kudos
Reply
Highlighted
  • 61
  • 5
  • 2
Dialled in
1,132 Views
Message 2 of 7
Flag for a moderator
Helpful Answer

Re: Cable Haunt issue

IIRC, the exploit impacts routers with Broadcom CPU's.


I know the SH3 and SH4 are intel powered, how about the older routers?

0 Kudos
Reply
Highlighted
  • 14.27K
  • 591
  • 1.37K
Alessandro Volta
1,107 Views
Message 3 of 7
Flag for a moderator

Re: Cable Haunt issue

It would seem VM for the super hub 1 has blocked off port 8080 to 192.168.100.1 on the hub to not have that vulnerability.

You can have a firewall to only allow only port 80 and ICMP to 192.168.100.1 to not have this problem.

the attack is from your LAN by a browser by your end not remotely by WAN side

---------------------------------------------------------------
0 Kudos
Reply
Highlighted
  • 12
  • 0
  • 3
On our wavelength
1,002 Views
Message 4 of 7
Flag for a moderator

Re: Cable Haunt issue

This isn't solved. This a mitigation that most of the customers will struggle to implement.

This issue has been known about by ISPs since MAY 2019, the fix has been published a requires a firmware which can only be done by the ISP. Which I suspect there will be reluctance as this causes an outage for ~1hr. But if the bad guys get in first they can upload their own firmware which will lock out the ISP..  What are you planning to do about this?

Exploit code is already available if you search for it..  I don't think this can be ignored.

https://cablehaunt.com 

 

 

 

 

 

0 Kudos
Reply
Highlighted
  • 2.48K
  • 156
  • 643
Problem sorter
979 Views
Message 5 of 7
Flag for a moderator

Re: Cable Haunt issue

Do we know which (if any) VM routers are affected? Hub 3 and Hub 4 definitely aren't, neither is the SH2ac which was a Puma 5. Not sure about the original SH2 and SH1.

0 Kudos
Reply
Highlighted
  • 30.3K
  • 1.51K
  • 5.26K
Very Insightful Person
Very Insightful Person
970 Views
Message 6 of 7
Flag for a moderator

Re: Cable Haunt issue

the SH1 and 2 are EOL so they will not get patched even if they are effected.

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply
Highlighted
  • 7.42K
  • 254
  • 1.77K
Community Lead
Community Lead
592 Views
Message 7 of 7
Flag for a moderator

Re: Cable Haunt issue

Hi everyone,

As you’d expect, we regularly test our equipment in light of new security developments. Following further investigation we can confirm that we are not exposed to these issues on our product portfolio.

Kev

The do's and don'ts. Keep the community welcoming for all. Follow the house rules


0 Kudos
Reply