Is the CODA-4680 modem susceptible to the Cable Haunt vulnerability?
For starters, does the CODA-4680 use Broadcom chips? Even the product description and datasheet do not mention specific hardware.
Answers
-
If you are afraid, set the DNS on your device and you should be ok.
-
Setting a static DNS won't prevent this exploit.
"While DNS rebind can be used in the exploit as explained in the report, it is significantly easier for an attacker to exploit the modem via a direct javascript request."
Direct link to the website dedicated to this vulnerability: https://cablehaunt.com/
-
This Break SSL/TLS? No. This does not break encryption, as long as your connection is properly established between you and the intended recipient. However, your modem is most likely doing your DNS lookups and can act as a proxy, so you might still be in some trouble. With mechanisms like HSTS, exploiting this is becoming increasingly difficult, but not impossible.
Therefore, if you are setting a static DNS directly in your PC, you should minimize problems.
-
This one is not for me
-
Funny, I was wondering the same thing.
-
Unfortunately not, they use Intel Puma
https://www.reddit.com/r/FizzMobile/comments/aviiz3/known_issues_with_hitron_coda4680/
-
@Mike Yes, getting the modem compromised would leave the user helpless, since only the ISP has control over it and firmware updates. I have had static DNS specified in my router long before this. As a side note, Fizz/Videotron seem not to implement DNSSEC, which would be broadly helpful. My previous ISP did.
@Chris I don't see anything about Intel Puma in that link, but if we can confirm it at least it will be a silver lining.
P.S. The link I provided in my original post to the article describing the Cable Haunt vulnerability has vanished... It's annoying that there seems to be silent moderator action going on. Is linking to external sites not allowed in the Community Hub? Anyone interested to learn more will have to search for themselves.
-
The data sheet here:
http://www.hitron-americas.com/wp-content/uploads/2018/04/CODA-4680_datasheet_2018-07-03.pdf
mentions Intel Puma 7.
-
Ah it is in the datasheet after all! Intel Puma 7 is mentioned in the subheading, and not in the specifications section...
Ok, so we can sleep better knowing this vulnerability does not affect the CODA-4680.