Arris Routers Vulnerable to Remote Code Execution

February 17, 2023

Malwarebytes has warned of a remote code execution vulnerability impacting several Arris routers, tracked as CVE-2022-45701. The impacted models have reached end-of-life (EOL) and are no longer supported by CommScope, meaning they are unlikely to receive patches. The bug exists because the router firmware does not properly neutralize special characters in requests, allowing attackers to perform shell script command injection.

Login credentials are required to exploit the vulnerability, but users often leave default usernames and passwords on their devices, either because the process of changing or removing them is too complicated or because they are not explicitly told to modify them during the setup process. Not only are these routers susceptible to attacks that rely on brute-forcing default credentials, but, because they do not secure credentials in transit using HTTPS, they are also prone to exposing them to attackers able to intercept traffic.

To mitigate the risks, users are advised to secure their devices with strong passwords, albeit an experienced attacker able to eavesdrop on the unprotected traffic could intercept the password. Changing the router firmware would be a better solution, but, as security researcher Yerodin Richards noted, “providers are lax about pushing updates and there is no easy way for an end user to do this themselves”. According to Richards, users “could run the exploit to gain a root shell and try to patch it from there but this is by no means a simple solution”.

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.