In a report, researchers at Lyrebirds, a Danish security firm, said cable modems using Broadcom chips were vulnerable to a new vulnerability called Cable Haunt, zdnet reported. The vulnerability affected about 200 million cable modems in Europe alone, the report said.
The vulnerability affects a standard component of the Broadcom chip, the spectrum analyzer. This is a hardware and software component that protects the cable modem from fluctuations and interference from coaxial cable signals. Internet service providers (ISPs) often use this component to debug connection quality.
On most cable modems, the component can only be accessed through an internal network connection.
The team said broadspectrum analyzers lack edi-fonitist protection against DNS rebinding attacks, use default credentials, and contain programming errors in the firmware.
By luring users to access malicious pages through their browsers, an attacker could use the browser to pass vulnerabilities to vulnerable components and execute commands on the device.
Although the research team estimates that there are about 200 million vulnerable devices across Europe, they believe that the total number of available devices cannot be quantified.