How to check if you are vulnerable to Cable Haunt: CVE-2020-19494
<img src="/resources/img/blog/cve/2020-0601/cable_haunt_gradient.png" style="max-width:250px; display: table; margin:auto;padding:20px;" alt="The Hades Distribution Company homepage"><br> <h4>Background:</h4> <p>Cable Haunt is a critical vulnerability discovered in cable modems that can allow remote code execution. This essentially means that with a specially crafted payload an attacker could gain access to your home network and all of the devices connected to it. At the moment it is estimated that up to 200 million modems are vulnerable to this attack in Europe alone.<br><br>Luckily the researchers who discovered this exploit have created a way for customers to determine if they are vulnerable to this attack. How to see if you are vulnerable can be determined by following these steps.</p> <h4>Requirements:</h4> <p>You must have python installed on your system, and considering the deprecation of python 2 is finally upon us I'm going to say, you need <a href="https://realpython.com/installing-python/" target="_blank">Python 3.7</a> installed.<br> You will also need to have <a href="https://pipenv.readthedocs.io/en/latest/install/#installing-pipenv" target="_blank">Pipenv</a> installed for the dependency management of the script.<br> Finally you will need a copy of the Cable Haunt teams vulnerability checking script, which can be found on <a href="https://github.com/Lyrebirds/cable-haunt-vulnerability-test" target="_blank">GitHub</a>. <br><br></p> <h4>Running the Script:</h4> <p>Once all of the requirements are installed on your system you are ready to begin testing your modem.<br> From your terminal or command prompt, change directory into the 'cable-haunt-vulnerability-test' folder.<br> Then run the following command:<br> <pre> pipenv install </pre> This will install the single dependency into your new virtual environment, the WebSockets python library.<br> Finally run the script:<br> <pre> pipenv run python test.py </pre> <p>The script will take a while to run, as it will check two possible IP addresses your modem could be hosting the spectrum analyzer on. Both of these addresses will also have ports ranging from: 0 - 65535 scanned and if an active port is found it will be listed in the terminal and tested for a valid HTTP response.<br><br> Once the script is complete, you will be provided information as to whether your cable modem is vulnerable or not. Patches are being issued for this vulnerability from the modem’s providers, so it is likely that over the next couple of days you might experience a small outage, as your modem is being protected. <br>At this stage, there is limited information about the exploit being used in the wild, but it will likely only be a couple of weeks until we start to see serious attempts to attack modems on mass. Until then we are at the mercy of our manufacturers.</p>