Welcome to Comcast Help & Support Forums
Find solutions, share knowledge, and get answers from customers and experts

New to the Community? Start here.

5,651,191

members

44

online now

1,826,566

discussions

Back to Top

ARRIS/Motorola SB612X and SB6141 modem unauthenticated remote reboot vulnerability

SOLVED
Posted by
Official Employee

Message 51 of 61
19,202 Views

Dan34 wrote:

I'm another user who needs to be able to programatically reset my modem.  Fixing a bug by eliminating features is amateur hour.  Put a login/password on it for pete sake.  Now I have to go find another modem.  Thanks comcast!


It's been mentioned in this thread that since the modem is a layer 2 network device, there should be no need to factory reset the gateway. Please see ARRISTuska's post here for more detail on how to reset the modem from the web GUI: http://forums.xfinity.com/t5/Basic-Internet-Connectivity-And/ARRIS-Motorola-SB612X-and-SB6141-modem-...


--
John
xfinity.com/experience



Community Icon
I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: Product, Support, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am an Offical Comcast Employee.
Official Employees are from multiple teams within Comcast.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am a Comcast Employee.
Please post so people with similar questions may benefit.
Was your question answered?
Mark it as a solution!solution Icon
Posted by
Frequent Visitor

Message 52 of 61
19,189 Views

But this still requires PHYSICAL access to the modem and connections, I really would prefer not to have to move furniture to do that, remote power switches are cheap, but remote RF switches are not

 

And why is this now such a hot item that needed to be hastily fixed, its been there for years, why not take the time to properly fix the issue as opposed to a Q&D hack? The original Motorola used to make decent equipment and fix things correctly, not a C&D (cheap and dirty) hack

 

And I have yet to get it to reboot though Comcast's troubleshooting page

Posted by
Visitor
Message 53 of 61
19,181 Views


"there should be no need to factory reset the gateway"

Please don't dismiss my requirements for my device.  You have no knowledge of my use-case.  I need this feature. I bought a modem specifically with this feature, and it worked, until comcast broke it to "fix" it.

Posted by
Contributor

Message 54 of 61
19,179 Views

gwtx wrote:

But this still requires PHYSICAL access to the modem and connections, I really would prefer not to have to move furniture to do that, remote power switches are cheap, but remote RF switches are not

 

And why is this now such a hot item that needed to be hastily fixed, its been there for years, why not take the time to properly fix the issue as opposed to a Q&D hack? The original Motorola used to make decent equipment and fix things correctly, not a C&D (cheap and dirty) hack

 

And I have yet to get it to reboot though Comcast's troubleshooting page


My solution was to get a network-attached powercycling device.

Some brands are: WTI, Dataprobe, Synaccess

Posted by
Authorized Vendor

Message 55 of 61
19,147 Views

gwtx wrote:

And why is this now such a hot item that needed to be hastily fixed, its been there for years, why not take the time to properly fix the issue as opposed to a Q&D hack?

 


So the issue is no authentication needed to reset the device..  All someone had to do from the LAN is send a request..  So when a deivce on the local network gets hacked (not talking about the modem here) the hacker could issue a request to have the modem reboot..  This is what was removed..

 

I have a request in to get this function back again we are looking into it..

-------------------------------------
Network Engineer, IP Engineer, Docsis..; the views expressed on this post are mine and do not necessarily reflect the views of my employer..

Gamer.. Living the dream one catastrophe at a time Smiley Happy ..
Posted by
Frequent Visitor

Message 56 of 61
19,057 Views

Yes, I understand that no authentication needed to reset the device,  on a Comcast network all that is required is a 3-4 minute reboot. which I generally run around once a month or so anyway, all the stories so far have concerned a web page hack, so unless I continously hit that web page, it a non-issue, my point is your crippled a "feature" that was used by some of us over a non-issue

 

So when a deivce on the local network gets hacked

 

So there is now a virus that viciously reboots a modem?

Posted by
Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 57 of 61
19,042 Views

Seriously this is a major goof by comcast. They ruined the modem to fix a problem that was a complete non-issue. Kinda hillarious.

Posted by
Bronze Problem Solver

Message 58 of 61
19,028 Views

JoshHays wrote:

Seriously this is a major goof by comcast. They ruined the modem to fix a problem that was a complete non-issue. Kinda hillarious.


First and formost Comcat does not write the firmware Arris does so basically this is the fix Arris has decided to implement to fix this non issue. In my opinion Arris just took the easy way out instead of simply adding a changeable password prompt to enter the GUI of the modem instead of disabling useful features. So folks can't blame Comcast on this one. 

Posted by
Official Employee

Message 59 of 61
18,770 Views

Update 5/10/16: Customers using the ARRIS SB6190 modem should note that a firmware update is currently being tested starting today and will be released soon after testing is complete.


--
John
xfinity.com/experience



Community Icon
I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: Product, Support, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am an Offical Comcast Employee.
Official Employees are from multiple teams within Comcast.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am a Comcast Employee.
Please post so people with similar questions may benefit.
Was your question answered?
Mark it as a solution!solution Icon
Posted by
Regular Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.
  • Congrats on Posting your first topic!

Message 60 of 61
18,683 Views

Question: Have been having issues accessing Subject modem, via a browser. Numerous restarts failed to give more than one access. After that access, no longer able to access until another unplugging of the modem. Yesterday, the network went down. My wife restarted our router and all seemed fine. I checked the modem and it appears a new firmware (Feb. 2016, I believe) is sitting on the modem. Yes, easily accessible configuration page via a browser, now. However, there is no longer the option to reset the cable modem or to restart it, via the browser. Did Comcast push that new firmware? Why is the configuration no longer allowed to reset the modem? Is Comcast legally able to push firmware to an owner owned modem (just asking, not being snippy?)

 

Thanks for any and all replies.

 

Posted by
Visitor
  • Congrats on Posting your first topic!
  • Congratulations on receiving your first Kudos! Thank you for your meaningful contribution to the forum. May this be the first of many kudos.

Message 61 of 61
18,041 Views

I use the SB6121 V5 modem to connect to my comcast account.  Recently (from viewing from my modem log file), I noticed that there was a firmware change (dated Feb 16 2016 11:28:04) pushed out to my SB6121 on May 4 2016.  This change took away the ability to remotely reboot my modem thru my LAN connection using the CONFIGURATION tab.  I understand that there was some security issue with the factory reset function allowed on that screen, of which I never used and could possibly understand its removal.  But the remote reboot function, which was also taken away in this firmware release, was very helpfull due to my modem not being next to my PC's.  It allowed me to be able to reboot without being right next to the modem and physically disconnecting/connecting the power supply randomly each month. 

 

Because of the location in which I live, I was an active user of the reboot feature of my modem inorder to maintain good connection speeds which I subscribe and pay for each month.  This was one of the primary reasons for purchasing this modem in the first place.  Is there any way to have the reboot feature brought back?