"Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks"

Malwarebytes recently warned of a remote code execution vulnerability impacting several Arris routers, for which proof-of-concept (PoC) exploit code has been released. Tracked as CVE-2022-45701, the bug exists because the router firmware does not properly neutralize special characters in requests, which allowed the researchers to perform shell script command injection. The researchers noted that the impacted models have reached end-of-life (EOL) and are no longer supported by CommScope (the company that acquired Arris), meaning they are unlikely to receive patches. The security defect impacts G2482A, TG2492, and SBG10 routers running firmware version 9.1.103, which are commonly found in the Latin America and Caribbean region.

The researchers stated that although login credentials are required to exploit the vulnerability, users often leave default usernames and passwords on their devices, either because the process of changing or removing them is too complicated or because they are not explicitly told to modify them during the setup process. The researchers noted that these routers are not only susceptible to attacks that rely on brute-forcing default credentials: because they do not use HTTPS to secure credentials in transit, they are also prone to exposing them to attackers who can intercept traffic.

 

SecurityWeek reports: "Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks"
