Arris Lookup

Brian is the Managing Partner of Arris Partners. A graduate of the University of Notre Dame, with an MBA from the Duke University Fuqua School of Business, Brian has held high-level executive officer positions in finance and accounting over the years, including Chief Financial Officer of a large, international public real estate development and management company. While employed as a CPA by a Big 8 accounting firm, Brian helped lead the audits of several public and private companies, including one of the largest corporations in the world.

ARRIS is aware of a new Internet phishing scam in the form of imposter posts to social media sites like Facebook directing customers to fraudulent phone numbers for ARRIS customer support. Please report any web sites claiming to be ARRIS technical support or suspicious emails, messages, or phone calls to +1-877-466-8646.

ARRIS SURFboard SB8200 DOCSIS 3.1 Gigabit Cable Modem, Approved for Cox, Xfinity, Spectrum & others, White, Max Internet Speed Plan 2000 Mbps.

According to ARRIS, without being in range, these two modems (SB6183, SB6190) lack sufficient power to operate, providing end users with intermittent performance. Here is current info showing my range (SB6183).

Can I replace my old nvg510 arris router/modem? I just want to know if all routers are supported if I were to replace my old one. With, say, a Cisco router or any other brand.

Shodan search results show that many devices are accessible on the public Internet through telnet, SSH, or web management. An attacker with access to the web management interface and the technician password or SNMP can enable telnet and SSH. Logging in as technician using the 'password of the day' provides a restricted minicli shell.

Before joining Arris Partners, Brian led another search firm and several successful high-tech companies. His dynamic style and ability to form solid business alliances has uniquely qualified him to lead Arris Partners. Brian specializes in placing top-tier senior-level and mid-level professionals in world-class companies.

Brian is very active in serving both the communities of Wilmington, NC and Southern Pines, NC where he lives, and the Raleigh-Durham area of North Carolina, where Arris Partners is headquartered. Brian is the Founder of the Cape Fear 50 Club, a club consisting of CEOs of significant organizations, and he serves on the Boards of Advisors for the University of North Carolina – Chapel Hill and Band Together, as well as the boards of many charitable organizations.

Industry Focus: Private Equity and Venture Capital

Testimonials

'I met Brian while I was recently actively pursuing a career change. As a candidate for a job search I am seeking 3 important attributes from a recruiter:
1.) Knowledge of the client.
2.) Knowledge of the search process.
3.) Intangible likability factor.
My experience with Brian is he excelled in each of these attributes. I would highly recommend Brian for an executive job search.'

Tim Pollard, VP Revenue Cycle

Security researchers have found five gaping holes in the firmware running on Arris modems, three of which are hardcoded backdoor accounts.

An attacker could use any of these three accounts to access and take over the device with elevated privileges — even root — install new firmware, and ensnare the modem in a larger botnet.

The vulnerabilities came to light after a review of the Arris firmware carried out by experts from Nomotion Labs.

According to Nomotion, the flaws are found both in the standard Arris firmware and in the extra code added on top by OEMs. In their research, experts looked at an Arris modem installed on the network of AT&T.

Researchers said the flaws affect NVG589 and NVG599 modems. Neither model is available through the Arris website, and both appear to be discontinued products. Based on Censys and Shodan data, researchers believe there are at least 220,000 of these vulnerable modems connected online.

Below is a summary of all the flaws researchers discovered:

Backdoor #1

Modems come with SSH enabled by default and exposed to external connections. Attackers could use the default 'remotessh/5SaP9I26' username and password combo to authenticate on any modem with root access — this means an attacker can do whatever he wants on the device.

Researchers said they only identified around 15,000 Arris modems featuring this backdoor, meaning ISPs or OEMs most likely blocked external SSH access to most devices.

Backdoor #2

Arris modems come with a built-in web server that runs its internal admin panel. Attackers can authenticate on port 49955 with the username 'tech' and an empty password.

Command injection

The same built-in web server is vulnerable to a command injection flaw that allows attackers to run shell commands in the context of the web server, which is a highly privileged one since the server is used to manage the device via a web panel.

Nomotion says there are over 220,000 devices vulnerable to this flaw. This flaw can be exploited even without the use of one of the hardcoded backdoors. All the attacker needs is to send a malformed network request to the modem's 49955 port. Basic ISP-level filters could stop the exploitation of this bug.

Backdoor #3

Attackers can use the 'bdctest/bdctest' username and password to authenticate on the device via port 61001. Exploiting this flaw requires the attacker to know the device's serial number.

Even if the flaw is not easy to exploit, a determined attacker can find a way to leak the serial number on a per-device basis and access the device. Researchers said this account reveals information about logs, the modem's WiFi credentials, and the MAC addresses of internal hosts.

Firewall bypass

A well-crafted HTTP request sent via port 49152 will allow attackers to bypass the modem's internal firewall and open a TCP proxy connection to the device.

Bypassing the firewall allows the attacker to exploit the other four vulnerabilities even if the user thought he secured his router by enabling an on-device firewall.

An attacker only needs a modem's public IP address to exploit this bug, but this can be obtained from services like Shodan, Censys, or ZoomEye.

'Every single AT&T device observed has had this port (49152) open and has responded to probes,' Nomotion said.

No exploitation attempts detected yet

The five flaws are not zero-days as researchers have not found any evidence they were exploited in attacks prior to releasing their research.

For owners of said devices, Nomotion has published basic self-mitigation instructions that device owners and ISPs can use to block access to the backdoors and fix some of the flaws. The self-mitigations are available at the end of the Nomotion report.
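
For ISPs or owners who log inbound traffic at a gateway, the following sketch flags connection attempts from the WAN side to the ports listed in the summary above. It is an added example, not code from Nomotion, Arris or the article; the netfilter-style log format, the interface name `wan0`, SSH on port 22 and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Ports from the article's summary of flaws. SSH is assumed to be on the
# standard port 22, and all four are treated as TCP services.
WATCHED_PORTS = {
    22: "Backdoor #1 (SSH, hardcoded account)",
    49955: "Backdoor #2 / command injection (built-in web server)",
    61001: "Backdoor #3 (bdctest account)",
    49152: "Firewall bypass (TCP proxy)",
}

# Constructed sample lines in Linux netfilter LOG format; addresses are
# RFC 5737 documentation ranges and the interface name "wan0" is assumed.
SAMPLE_LOG = """\
Sep  1 10:00:01 gw kernel: IN=wan0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40112 DPT=49152 SYN
Sep  1 10:00:02 gw kernel: IN=wan0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40113 DPT=49955 SYN
Sep  1 10:00:05 gw kernel: IN=lan0 OUT= SRC=192.168.1.20 DST=192.168.1.254 PROTO=TCP SPT=51000 DPT=49955 SYN
Sep  1 10:01:00 gw kernel: IN=wan0 OUT= SRC=198.51.100.99 DST=203.0.113.10 PROTO=TCP SPT=33000 DPT=443 SYN
Sep  1 10:02:10 gw kernel: IN=wan0 OUT= SRC=198.51.100.23 DST=203.0.113.10 PROTO=UDP SPT=5353 DPT=61001
Sep  1 10:03:00 gw kernel: IN=wan0 OUT= SRC=198.51.100.23 DST=203.0.113.10 PROTO=TCP SPT=41000 DPT=22 SYN
"""

FIELD = re.compile(r"\b(IN|SRC|DST|PROTO|DPT)=(\S*)")

def find_probes(log_text, wan_iface="wan0"):
    """Return {source_ip: sorted list of watched ports it tried to reach}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("IN") != wan_iface or f.get("PROTO") != "TCP":
            continue  # only TCP arriving on the WAN interface is of interest
        if not f.get("DPT", "").isdigit():
            continue  # truncated or malformed line
        port = int(f["DPT"])
        if port in WATCHED_PORTS:
            hits[f["SRC"]].add(port)
    return {src: sorted(ports) for src, ports in hits.items()}

def report(hits):
    """One line per source; sources touching several watched ports first."""
    rows = sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [f"{src}: " + "; ".join(f"{p} {WATCHED_PORTS[p]}" for p in ports)
            for src, ports in rows]

if __name__ == "__main__":
    print("\n".join(report(find_probes(SAMPLE_LOG))))
```

A source that reaches for 49152 and then one of the other ports matches the sequence the article describes for the firewall bypass, so it sorts to the top of the report.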

Victor Gevers, chairman of the GDI Foundation, has also offered his organization's resources in helping users and ISPs mitigate the disclosed issues.

If you are a user or an ISP using these vulnerable Arris devices and you need help fixing the security issues? Then please ping us here. https://t.co/7nPHbHCZ4z

— GDI Foundation (@GDI_FDN) August 31, 2017
