Intel Puma


The Intel Puma 6/7 chip that is used in the devices listed -here- has a a serious security issue that has not been addressed to date. It allows a attacker to shut down your connection at will for as long as they want and the only way out from under the attack is to buy a different modem or change your IP. The ISP cant block the attack. It is a unpatched 0-day exploit that has no current mitigation with published code anyone can download and target other users. This issue was first reported in the press months ago and to date Intel has not fixed the issue and only Netgear has issued a urgent security alert about it. The issue can cause the modem to not be able to transmit or receive any data for as long as the attacker wants.

This issue was covered in the press with detail - here - - here -

The issue was acknowledged by at least one modem mfgr - here - with a advisory -here -

Intel Product Security has acknowledged the issue and agreed to a security rating of HIGH but has not issued a CVE or alert on the issue

There is a published exploit ( program) that allows even non technical users to attack Puma 6/7 based modems/gateways - here -

the CVE that Intel said would be assigned to this is CVE-2017-5693 -here-

In addition to the DoS mentioned above, there's also a memory corruption DoS which causes a full modem reboot. The details of this attack have not yet been published while a patch is being worked on.

These issue was discovered by Mackey at DSLReports

I have testing done with pingplotter shown -here-