That zdnet article is erroneous and inaccurate.
Resetting those cable modems does nothing but cause them to reboot and reload a config file.
BUT, an attacker has to be ON a PRIVATE RFC 1918 network, inaccessible from the Internet in ALL cases.
They would also have to connect to each modem in order to accomplish said feat. It would take a very long time to scan the entire address space and find any modems in it.
Article grade, D--.
According to your critique, Article grade, F-.
But if that config file contents were reset to factory defaults it might not connect to the ISP provider.
But you do not understand the exploit. As far as the modem is concerned it saw the reset from the user on the LAN.
They don't have to. The user gets it when looking at an infected web page. As the article indicated it is a LAN side exploit.
Just how many users do you think get into their modem and change the LAN gateway address.
The address and web page is hard coded for that modem. See http://192.168.100.1/cmConfigData.htm?BUTTON_INPUT1=Reset+All+Defaults
A user can reset the modem and erase every setting in it a thousand times a day, matters naught. It will resume correct operation every single time when it gets an IP address assigned to it and the bootp config file is delivered. A user cannot reset the contents of the modem bootp config file provided by the provider DHCP server. Every type of modem has a specfic bootp config file.
What exploit? It's not an "exploit". It was intentionally designed that way.
Yeah...? And you're going to get all the existing SB6141 modem owners to access that webpage how?
Therefore impossible to execute directly from the WAN side.
None, because they can't change it.
Irrelevant since the modem is bridging a public address and gateway to whatever is connected on the other side of it in the LAN anyway.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.