Arris Routers Vulnerable to Remote Code Execution
February 17, 2023
Malwarebytes has warned of a remote code execution vulnerability impacting several Arris routers, tracked as CVE-2022-45701. The impacted models have reached end-of-life (EOL) and are no longer supported by CommScope, meaning they are unlikely to receive patches. The bug exists because the router firmware does not properly neutralize special characters in requests, allowing attackers to perform shell script command injection.
Login credentials are required to exploit the vulnerability, but users often leave default usernames and passwords on their devices, either because the process of changing or removing them is too complicated or because they are not explicitly told to modify them during the setup process. Not only are these routers susceptible to attacks that rely on brute-forcing default credentials, but, because they do not secure credentials in transit using HTTPS, they are also prone to exposing them to attackers able to intercept traffic.
To mitigate the risks, users are advised to secure their devices with strong passwords, albeit an experienced attacker able to eavesdrop on the unprotected traffic could intercept the password. Changing the router firmware would be a better solution, but, as security researcher Yerodin Richards noted, “providers are lax about pushing updates and there is no easy way for an end user to do this themselves”. According to Richards, users “could run the exploit to gain a root shell and try to patch it from there but this is by no means a simple solution”.
Like what you see?
Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.