Hybrid Networks Cable Broadband Access System 1.0 - Remote Configuration Vulnerability

1999-10-05T00:00:00
ID EDB-ID:19538
Type exploitdb
Reporter KSR[T]
Modified 1999-10-05T00:00:00

Description

Hybrid Networks Cable Broadband Access System 1.0 Remote Configuration Vulnerability. CVE-1999-0791. Remote exploit for hardware platform

                                        
                                            source: http://www.securityfocus.com/bid/695/info

Hybrid Network's cable modems are vulnerable to several different types of attack due to a lack of authentication for the remote administration/configuration system. The cable modems use a protocol called HSMP, which uses UDP as its transport layer protocol. This makes it trivial to spoof packets and possible for hackers to compromise cable-modem subscribers anonymously. The possible consequences of this problem being exploited are very serious and range from denial of service attacks to running arbitrary code on the modem.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/19538-1.tar.gz
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/19538-2.tar.gz
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/19538-3.tar.gz