So we are now 4 months after first discovering that a Intel Puma can be taken offline in a trivial way that a grandma could do. Its been covered in countless press reports and has published exploit code. Intel Product Security is well aware of the issue.
NOTHING has occurred. Stunningly Intel seems to have buried the issue by claiming all its vendors must first have a chance to patch the issue. Which is responsible, however, 4 months is no longer responsible for a published 0-day that has no mitigation.
It really appears the worldwide standard for network security CERT has been neutered by Intel.
Ive sent a number of emails to the powers that be at CERT and never gotten a response.
Intel has "reserved" a CVE but has not filled anything into this. The ONLY modem vendor to do the responsible thing and issue a alert was Netgear. Intel has never issued any alert or notice.
This whole thing has shaken my trust in the CERT CVE process.
Where to discuss the parts inside a modem
1 post • Page 1 of 1