An anonymous reader writes: A security researcher using Shodan to probe Arris cable modems for vulnerabilities has found that 600, 000 of the company’s modems not only have a backdoor, but that the backdoor itself has an extra backdoor. Brazilian vulnerability tester Bernardo Rodrigues posted that he found undocumented libraries in three models, initially leading to a backdoor that uses an admin password disclosed back in 2009. Brazilian researcher Bernardo Rodrigues notes that the secondary backdoor has a password derived in part from the final five digits from the modem’s serial number. However, the default ‘root’ password for the affected models remains ‘arris.’ Read more of this story at Slashdot.
600,000 Arris Cable Modems Have ‘Backdoors In Backdoors,’ Researcher Claims