Connect with us

Hi, what are you looking for?


Mobile & Wireless

Wireless ISP Modems Plagued by Serious Vulnerabilities

Researchers have analyzed several wireless modems offered by Internet service providers (ISPs) worldwide to customers and discovered that they are plagued by many serious vulnerabilities.

Researchers have analyzed several wireless modems offered by Internet service providers (ISPs) worldwide to customers and discovered that they are plagued by many serious vulnerabilities.

Over the past year, security research company SEARCH-LAB has analyzed the modems offered to customers in Hungary by Liberty Global-owned telecommunications services provider UPC Broadband, including Ubee, Technicolor, Cisco, Hitron and Compal devices. Experts pointed out that these modems are used by ISPs from all over the world.

Researchers spent between three hours and two weeks manually analyzing Ubee EVW3226, Technicolor TC7200, Cisco EPC392, Hitron CGNV4 and Compal CH7465LG modems. A total of 58 serious vulnerabilities have been discovered in these products as a result of the investigation, including many weaknesses that allow attackers to gain administrator access to devices, make configuration changes, or execute arbitrary code.Compal Modem vulnerabilities

The list of bugs includes insecure session management, authentication bypass, command injection, information disclosure, buffer overflow, CSRF and default password issues. Forty of the flaws have been found in Compal modems, on which researchers spent two weeks as part of a pilot project commissioned by Liberty Global.

Most of the targeted devices were only analyzed for three hours and just a handful of vulnerabilities have been found. However, SEARCH-LAB told SecurityWeek that a larger number of issues would have likely been identified if more time had been spent analyzing these modems.

One of the most serious problems discovered by researchers is related to the use of default Wi-Fi passphrases. Experts determined that the password could be brute-forced on Ubee, Technicolor and Cisco devices in just a few seconds as it was generated based on easily obtainable data, such as serial numbers and MAC addresses.

The vulnerabilities found by SEARCH-LAB have been reported to Liberty Global, which notified the device manufacturers. Some of the problems have been addressed, while others, such as the default passwords, are more difficult to resolve, especially since the information is in many cases printed on the devices.

SEARCH-LAB is currently conducting a wardriving experiment in Hungary to determine how many users still rely on default passwords even after repeated warnings from the ISP.

Advertisement. Scroll to continue reading.

“A proof-of-concept application was also developed to demonstrate that the home Wi-Fi networks that are operated by these devices are easily attackable from the street by wardriving,” SEARCH-LAB researcher Gergely Eberhardt told SecurityWeek.

“What made the situation even worse; we discovered that after taking over the control on the attacked Wi-Fi devices and were able to execute our own code on them, we gained access not just to the local home networks, but though the internal network of the ISP we gained access to other home routers too,” Eberhardt explained.

Related: LG NAS Devices Exposed to Remote Attacks

Related: Wi-Fi Flaw Exposes Android Devices to Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.