Security Researcher Joe Vennix has discovered multiple vulnerabilities in the 'ARRIS / Motorola SURFboard SBG6580' series Wi-Fi Cable Modem that could allow hackers to take control of the Web Interface.
One of the flaws(CVE-2015-0964) is a stored cross site scripting vulnerability in the firewall configuration page could allow an authenticated attacker to inject javascript code capable of performing any action available in the web interface.
The other vulnerability allows to perform a login action "on behalf of the victim's browser by an arbitrary website, without the user's knowledge."
And on top of this, it has pre-installed backdoor accounts. Devices tested by the researcher had an account called "technician" with the password "yZgO8Bvj".
"Other accounts may be present as installed by service providers and resellers." Rapid7 post reads.
Rapid7 has published a metasploit module that "takes advantage of all three vulnerabilities to place an arbitrary internal endpoint in the DMZ of the affected network, thus exposing all running services to direct Internet access.
The module also capable of stealing the information of all registered DHCP clients including IPs, hostnames and MAC addresses.
