JMH3143· Microsoft MVP, Microsoft Support Visiting Expert,
Discussion Starter · #1 ·
https://threatpost.com/backdoor-in-a-backdoor-identified-in-600000-arris-modems/115459/Thousands of cable modems manufactured by the Georgia-based telecom Arris suffer from a series of issues: XSS and CSRF vulnerabilities, hard-coded passwords, and what a researcher is calling a backdoor in a backdoor.
Brazilian researcher Bernardo Rodrigues stumbled upon the issues several months ago while researching cable modem security for a conference and disclosed them last week.
The modems reportedly contain an undocumented library that acts as a backdoor, in turn allowing privileged logins using a custom password.