Welcome to the Spectrum Community

Get answers, share solutions, help your community.

Start here

Cable Haunt: Remote Code Exploit affecting multiple cable modem models

SanDiegoDanaSanDiegoDana Posts: 3
in Home Networking Jan 14, 2020

Reference:
https://cablehaunt.com/

 

Hopefully we can get a rapid response from Spectrum on this one.  There are SO MANY different models impacted that it will likely be difficult to get firmware updates for all of them rolled out, but hopefully it will go faster than the IPv6 fix for the SB6183 Smiley Happy

Comments

  • SanDiegoDanaSanDiegoDana Posts: 3
    Jan 14, 2020

    I wonder if we can cross-reference the list of approved modems with those that are impacted?

    https://www.spectrum.net/support/internet/compliant-modems-charter-network/

  • James_MJames_M Posts: 2,074 admin
    Jan 14, 2020

    Charter is currently working closely with each of our vendors to determine if their equipment is vulnerable and when we could expect to see a firmware upgrade.

  • michael33michael33 Posts: 8
    Jan 14, 2020

    I have confirmed that my modem is vulnerable, so just tell me directly that you will not install the updated software that you were provided by Netgear in May of 2019. Just be honest. Modem is a Netgear CM600 running firmware  V1.01.14 

     

    According to Netgear, Spectrum supports the oldest firmware on this modem compared to other ISPs. See 

    https://kb.netgear.com/000036375/What-s-the-latest-firmware-version-of-my-NETGEAR-cable-modem-or-modem-router

     

     

  • SanDiegoDanaSanDiegoDana Posts: 3
    Jan 15, 2020

    Thanks, @James_M !

     

    I know that getting the firmware updates out there is a huge logistics challenge: the number of devices impacted is large, and the number of customers is large, and the number of distribution points is also large: this is a monumental task!

     

    I also imagine that you are not on the "front lines", as it were, handling the communication between the modem vendors and Charter/TWC/Spectrum.

     

    If you can keep us updated, though, if you do hear something that you can share, we would greatly appreciate it!

     

    Thanks!

  • James_MJames_M Posts: 2,074 admin
    Jan 15, 2020

    Yes, we will provide an update when we have additional information available.  

  • MikeyfromdablocMikeyfromdabloc Posts: 1
    Jan 15, 2020
    I can confirm SB6183 is vulnerable. This is from the reference test from Lyrebirds and on a customer owned modem.

    In the meantime I have disabled access to the modem IP by means of a black hole route, but it's a pain having to switch it off to diagnose signal problems.

    Be honest with your customers for a second here. Customer owned devices are going to be dead last to get new firmware, if they get it at all. Most likely we'll just get banned and told that we need to use a Spectrum owned device.

    The spectrum analyzer is a feature that most of us don't use or even want. Just turn the darn thing off. We just want our internet to work without having to worry about it unleashing havoc on our home networks.

    So... any ETA on a fix?
  • karlbeckmankarlbeckman Posts: 2,205 ✭✭✭✭
    Jan 16, 2020

    You are posting comments and opinions from a number of European sources in a peer-to-peer user technical support group staffed by other Spectrum customers.  This area is moderated by Spectrum employees, but is not monitored by Spectrum's business or technical management teams. 

  • Smith6612Smith6612 Posts: 44
    Mar 01, 2020

    Careful with requesting just a simple fix. On a lot of the new modems Spectrum rolls out, Spectrum disables the web interface on the modem. No Spectrum Analyzer, no SIgnal pages, no Status pages. It helps improve the modem's security by mitigating the problem, but... it can also be a scapegoat for having to test and deploy firmware updates.

This discussion has been closed.