A critical vulnerability has been identified in multiple modem products from the vendor "In," which could allow a remote, unauthenticated attacker to cause a system crash or gain complete control of the device. Successful exploitation could lead to a severe denial of service, interception of network traffic, or unauthorized access to the internal network. Due to the critical severity and remote exploitability, this vulnerability poses a significant and immediate risk to the organization.

The vulnerability exists due to improper input validation within the modem's software. A remote attacker can send specially crafted data packets to an affected modem. Because the device does not correctly sanitize this input, it can lead to a memory corruption error, resulting in either a system crash (Denial of Service) or, more critically, arbitrary code execution, allowing the attacker to achieve a remote escalation of privilege to the highest level on the device. The attack can be launched remotely over the network and requires no prior authentication or user interaction.

This vulnerability is rated as critical severity with a CVSS score of 9.8, indicating a high potential for widespread and severe impact. Exploitation could lead to significant business disruption, including complete loss of internet connectivity if the modem crashes. A more severe consequence is a full system compromise, where an attacker could intercept all incoming and outgoing network traffic, leading to data theft of sensitive corporate or customer information. Furthermore, a compromised modem could be used as a beachhead to launch further attacks against the internal corporate network, bypassing perimeter security controls.

Immediate Action: The primary remediation is to apply the security patches provided by the vendor immediately. Identify all vulnerable "In" modem devices within the environment and update their firmware to the latest version. After patching, monitor the devices to ensure they are operating correctly and the vulnerability has been mitigated.

Proactive Monitoring: Implement enhanced monitoring of network traffic to and from affected modems. Look for signs of exploitation, such as unexpected device reboots, unusual traffic patterns, anomalous log entries indicating malformed data, or outbound connections from the modems to unknown command-and-control servers. Use network intrusion detection systems (NIDS) with updated signatures to detect and alert on potential attack attempts.

Compensating Controls: If immediate patching is not feasible, consider the following compensating controls:

• Restrict access to the modem's management interface from the internet.
• Implement strict firewall rules to limit traffic to only essential ports and services on the modem.
• Place the modems in a segmented network zone to limit an attacker's ability to move laterally into the corporate network if a device is compromised.

Public Exploit Available: False

Due to the critical severity (CVSS 9.8) and the potential for complete remote system compromise without authentication, this vulnerability requires immediate attention. We strongly recommend that all affected "In" modem devices are identified and patched on an emergency basis. While this CVE is not currently listed on the CISA KEV list, its characteristics make it a prime candidate for future inclusion. The risk of operational disruption and network compromise is substantial, and immediate remediation should be the highest priority for the security and infrastructure teams.