Researchers have analyzed several wireless modems offered by Internet service providers (ISPs) worldwide to customers and discovered that they are plagued by many serious vulnerabilities.
Over the past year, security research company SEARCH-LAB has analyzed the modems offered to customers in Hungary by Liberty Global-owned telecommunications services provider UPC Broadband, including Ubee, Technicolor, Cisco, Hitron and Compal devices. Experts pointed out that these modems are used by ISPs from all over the world.
Researchers spent between three hours and two weeks manually analyzing Ubee EVW3226, Technicolor TC7200, Cisco EPC392, Hitron CGNV4 and Compal CH7465LG modems. A total of 58 serious vulnerabilities have been discovered in these products as a result of the investigation, including many weaknesses that allow attackers to gain administrator access to devices, make configuration changes, or execute arbitrary code.
The list of bugs includes insecure session management, authentication bypass, command injection, information disclosure, buffer overflow, CSRF and default password issues. Forty of the flaws have been found in Compal modems, on which researchers spent two weeks as part of a pilot project commissioned by Liberty Global.
Most of the targeted devices were only analyzed for three hours and just a handful of vulnerabilities have been found. However, SEARCH-LAB told SecurityWeek that a larger number of issues would have likely been identified if more time had been spent analyzing these modems.
One of the most serious problems discovered by researchers is related to the use of default Wi-Fi passphrases. Experts determined that the password could be brute-forced on Ubee, Technicolor and Cisco devices in just a few seconds as it was generated based on easily obtainable data, such as serial numbers and MAC addresses.
The vulnerabilities found by SEARCH-LAB have been reported to Liberty Global, which notified the device manufacturers. Some of the problems have been addressed, while others, such as the default passwords, are more difficult to resolve, especially since the information is in many cases printed on the devices.
SEARCH-LAB is currently conducting a wardriving experiment in Hungary to determine how many users still rely on default passwords even after repeated warnings from the ISP.
“A proof-of-concept application was also developed to demonstrate that the home Wi-Fi networks that are operated by these devices are easily attackable from the street by wardriving,” SEARCH-LAB researcher Gergely Eberhardt told SecurityWeek.
“What made the situation even worse; we discovered that after taking over the control on the attacked Wi-Fi devices and were able to execute our own code on them, we gained access not just to the local home networks, but though the internal network of the ISP we gained access to other home routers too,” Eberhardt explained.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- GoAnywhere MFT Users Warned of Zero-Day Exploit
- UK Car Retailer Arnold Clark Hit by Ransomware
- EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft
- Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking
- Google Fi Data Breach Reportedly Led to SIM Swapping
- Microsoft’s Verified Publisher Status Abused in Email Theft Campaign
- British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers
Latest News
- Fraudulent “CryptoRom” Apps Slip Through Apple and Google App Store Review Process
- US Downs Chinese Balloon Off Carolina Coast
- Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op
- Feds Say Cyberattack Caused Suicide Helpline’s Outage
- Big China Spy Balloon Moving East Over US, Pentagon Says
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
