Security bod Bernardo Rodrigues has found a backdoor-within-a-backdoor affecting some 600,000 Arris cable modems. The broadband kit company said, in a statement to El Reg, that it is working “around the clock” to fix the problems. Rodrigues (@bernardomr), a vulnerability tester with Brazil’s Globo television network, reported the undocumented library in three Arris cable modems. The Shodan exposed device search engine reveals some 600,000 are affected, he says. The initial backdoor – an admin password based on a known seed – was disclosed in 2009. Now Rodrigues has found a backdoor within the hidden administrative shell that can own the cable modems.
ORIGINAL SOURCE: The Register