A security researcher found a critical vulnerability in Arris routers that lets anyone with login access achieve remote code execution (RCE).
Though the bug requires initial access to the router, the researcher warns that most people don’t change their default credentials, which puts them all at risk. Arris acknowledged his report but declined to provide updates, since the affected devices are running end-of-life firmware versions.
Support Dropped for Out-of-Date Firmware
Routers are an important element of local networking and should be protected with adequate security measures so that connections across the network stay trusted. But both OEMs and users often disregard this principle for several reasons.
Here’s one such story involving Arris, as reported by a security researcher named Yerodin Richards. Arris routers running firmware version 9.1.103 are vulnerable to RCE attacks due to an authenticated bug, tracked as CVE-2022-45701. He disclosed it responsibly to the OEM and has now shared proof-of-concept code for its exploitation.
Though it requires initial authentication, Richards demonstrated how an insecure verification method could ironically be used against users. Exploitation of this bug relies on the fact that most people don’t change their default router credentials, either out of laziness or because no one has told them firmly enough to change them for their own good.
If the credentials are left unchanged, authenticated users can exploit the underlying bug to gain remote code execution and perform any malicious operation they want. Richards noted that the Arris TG2482A, TG2492, and SBG10 models are affected; these are mostly seen in the Caribbean and Latin America, generally loaned by ISPs for telephony and internet connections.
“It is also worth noting that there are no https setting to secure credentials in transit.”
He reported his findings to Arris, but the company declined to provide the necessary patches, citing the devices’ end-of-life (EOL) status. This puts all users of the above-mentioned router models at risk, making them a perfect target for Mirai-like botnets, which target vulnerable devices with default credentials.
The only reliable solution, according to researchers, is to “run the exploit to gain a root shell and try to patch it from there,” which is by no means a simple solution for a normal user. For now, the general actions you can take are to change the password to a strong one and keep checking for any malicious behavior in your network connections.