Netgear confirms: Intel's wobbly Puma 6 in fast broadband modems is super-easy to choke out

Netgear has warned customers about the trivial denial-of-service vulnerability discovered in its Intel-powered gigabit cable modems. The networking biz is advising owners of the CM700 gateway to sit tight while it figures out how to patch a weakness that leaves the modem prone to DoS attacks. In other words, there is no …

  1. Kevin McMurtrie Silver badge
    Why is this a thing now?

    Is there any consumer or "small business" device that isn't trivial to crash? Many of them don't even need to be provoked.

    1. Anonymous Coward
      Re: Why is this a thing now?

      Many consumer and small business devices are not prone to trivial crashes. The Motorola cable modem I'm using now is not affected by a "trivial" packet stream, and I bet many other ADSL/cable modem brands are not affected by a "trivial" packet stream DoS.

      Intel quality heading south lately, not sure what's going on with QA.

      https://www.theregister.co.uk/2017/04/27/intel_puma6_chipset_trivial_to_dos/

      https://www.theregister.co.uk/2017/04/27/intel_redesigns_atom_line/

      1. Kevin McMurtrie Silver badge

        Re: Why is this a thing now?

        Make a list of all URLs that a modem/router supports. Hit them all repeatedly with fuzzing and time the response. Scan for open ports and send them HTTP requests too. Hit the slowest results repeatedly and you'll usually cause a failure of some kind - OOM, buffer overflow, deadlocked threads, or a good old-fashioned brown-out.

    2. Christian Berger Silver badge

      There's quite some stuff

      For example the "Fritz!Box", which typically performs much better in terms of security and stability than many "enterprise grade" systems.

      On the other hand, there's a brand of rather expensive "enterprise grade" systems with their own custom operating system, which gets stuck in an infinite loop when you set a wrong password on your SIP account.

  2. adam 40 Bronze badge

    Haven't Intel submitted firmware patches for this?

    As I understand it, Intel have rolled out firmware updates to the modem manufacturers and these are being rolled out to the ISPs.

    I understand Virgin, for example, is going to be distributing firmware "soon", although that might still mean a month or two away.

  3. Riz

    Virgin Media shameful Super Hub 3 policy

    Given the issues of the Puma 6 chipset, why isn't there coverage of Virgin Media's shameful policy of forcing users to use the Super Hub 3? (If BT had a dodgy Homehub, this site would be gleefully taking them to task on a daily basis.)

    Plenty of people on the official forums are being stonewalled and the problems obfuscated.

  4. Riz

    CVE - Recognised Cyber Security Vulnerability

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15078

    The Intel Puma 5, 6, and 7 chips, as used on Virgin Media branded Arris TG2492 devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports, a related issue to CVE-2017-15064. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Virgin Media.
