SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   SURFboard Vendors:   Motorola
Motorola SURFboard Cable Modem Can Be Crashed By Remote Users Conducting Port Scans
SecurityTracker Alert ID:  1005519
SecurityTracker URL:  http://securitytracker.com/id/1005519
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 3 2002
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): SB4200; firmware version SB4200-0.4.4.0-SCM06-NOSH
Description:   A denial of service vulnerability was reported in Motorola's SURFboard SB4200 cable modem. A remote user can cause the device to crash.

It is reported that the default installation used by AT&T Broadband Internet allows a remote user to crash the device. A remote user can conduct a port scan of the modem's IP address to cause the modem to crash. A demonstration expoit is provided:

nmap -sS -p 1-1024 [ip address]

A remote user on the internal LAN can also conduct a port scan against the modem's internal IP address to cause the device to crash.

A hard restart is required to return to normal operations.

Version SB4200-0.4.4.0-SCM06-NOSH is affected. Other versions may also be affected.

Other users report that version SB4220-0.6.3.0-SCM-01-NOSH and SB4100 model version SB4100E-4.1.4-SCM9-NOSHELL is not vulnerable.

Impact:   A remote user can cause the device to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.gi.com/noflash/sb4200.html (Links to External Site)
Cause:   Exception handling error

Message History:   None.


 Source Message Contents

Subject:  Motorola Cable Modem DOS


I've found it trivial to crash the Motorola Surfboard 4200 Cable modem,
as installed default by AT&T Broadband Internet.

The modem acts as a bridge, but also has an internal RFC1918 IP address
(192.168.100.1).  Simply  nmap'ing the cable user's IP address, ie:
# nmap -sS -p 1-1024 12.x.x.x
will cause it to crash, rendering the ethernet interface useless.  It is
also possible to crash it from the lan by simply doing the same scan
against the cable modem's internal IP address.  The crash is not
specific to nmap, there are other publicly available tools which cause
the same result.  This is known to be effective on Software Version:
SB4200-0.4.4.0-SCM06-NOSH. (possibly others?)

The only way to restore network connectivity is to physically unplug the
cable modem for a few seconds, then restore power.  A better solution
would be to buy your own cable modem, and not rent this useless junk
from AT&T.

Attempts to notify AT&T about this issue resulted in them wanting to
send a technician to my house to check my wiring.  Don't even get me
started on their tech support...

Ryan 




 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC