404 Tech Support

Popular ARRIS (formerly Motorola) SURFboard 6141 cable modem vulnerable to unwanted reboots

For those with cable Internet providers like Comcast, Mediacom, Time Warner Cable, and others, a common cost-saving method is to buy your own cable modem. One of the most popular modems to buy is the ARRIS SURFboard 6141 cable modem. As it only costs $70 on Amazon.com, it can pay for itself in less than a year with a monthly rental of $5.99 or higher from the ISPs.

To kick off the month of April, security researcher David Longenecker disclosed a vulnerability in the SB6141 cable modem and later confirmed its existence in the old SB6121 and even older 5100 models. The problem lies in the fact that you can access the modem’s firmware web interface by simply visiting the website at 192.168.100.1 with no authentication required. This can be helpful to show the status and diagnostic information if you are having problems with your cable company.

Compounding this situation and making it even easier to be an annoyance, there is a page on the modem that will trigger it to reboot. This means your Internet connectivity will be lost for a few minutes until the modem reconnects. The URL is simply 192.168.100.1/reset.htm and a simple visit to the page will start the reboot. If you can get a person to click the link, their modem will be rebooted. This is a more annoying form of a reboot. However, you can make this even more direct by declaring the link as the source for an image. The victim’s browser will try to load the page as an image, and that request alone will trigger the reboot.

<img src="http://192.168.100.1/reset.htm">

This is the proof-of-concept in place at RebootMyModem.net, which you may visit if you have a different modem/connection or are willing to have your modem reboot. A rogue website or even ad network could deploy this concept to disrupt millions of Internet connections regularly.
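A proxy or content filter can flag this pattern from the defender's side. The sketch below is an added example, not code from the original post or from ARRIS: it scans a page's HTML for auto-loading elements whose URL points at a private IP address such as the modem's 192.168.100.1. The function names, the sample markup, and the example.test host are constructed for illustration.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlsplit

# (tag, attribute) pairs a browser fetches on page load, with no click needed.
AUTO_FETCH = {("img", "src"), ("script", "src"), ("iframe", "src"),
              ("embed", "src"), ("source", "src"), ("object", "data"),
              ("link", "href")}

def is_private_target(url):
    """True when the URL's host is a literal private or loopback IP address."""
    host = urlsplit(url).hostname
    if not host:
        return False          # relative URL: same host as the page
    try:
        return ip_address(host).is_private
    except ValueError:
        return False          # a DNS name, not an IP literal

class _Finder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in AUTO_FETCH and value and is_private_target(value):
                self.findings.append((tag, value))

def scan(html, page_url):
    """Return (tag, url) pairs where a public page auto-loads a private address."""
    if is_private_target(page_url):
        return []             # the device's own pages may reference themselves
    finder = _Finder()
    finder.feed(html)
    return finder.findings

# Constructed sample page; the second <img> is the snippet quoted in the article.
SAMPLE = """
<html><body>
<img src="/logo.png">
<img src="http://192.168.100.1/reset.htm">
<a href="http://192.168.100.1/">modem status</a>
</body></html>
"""

if __name__ == "__main__":
    for tag, url in scan(SAMPLE, "https://news.example.test/story"):
        print(f"suspicious <{tag}> -> {url}")
```

The check matches IP literals only; a hostname that resolves to the modem's address would need a DNS lookup to catch.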

To make things even worse, there is another page that will perform a full reset of your modem. This can take up to 30 minutes to reconnect to the Internet or may require a call to the ISP in order to reinitialize the modem to your account. That URL is: http://192.168.100.1/cmConfigData.htm?BUTTON_INPUT1=Reset+All+Defaults

Unfortunately, the 135 million consumers who have this modem are at the mercy of our ISPs. ARRIS does not provide firmware updates directly to consumers. Instead, ISPs provide the firmware updates to our modems, and many have a policy of not updating the firmware on consumer-owned modems. My SB6141 with Mediacom has a Firmware Build Time of May 6 2013 17:53:59. ARRIS has reportedly told a few media outlets that they are working with ISPs to release a firmware update to address this.