1. Introduction
The ARRIS Touchstone DG950A SNMP Information Disclosure vulnerability (CVE-2014-4863) allows attackers to read sensitive information from affected cable modems via Simple Network Management Protocol (SNMP) requests. This could expose passwords, Wi-Fi network names (SSIDs), and other configuration details. Businesses using these devices should address this issue as it impacts the confidentiality of their network data.
2. Technical Explanation
The vulnerability occurs because the ARRIS Touchstone DG950A cable modem does not require authentication for SNMP requests, allowing anyone on the network to query sensitive information. An attacker can send a simple SNMP request to retrieve plaintext passwords and other data stored in the device’s configuration. The vulnerability is tracked as CVE-2014-4863.
- Root cause: Lack of authentication for SNMP requests.
- Exploit mechanism: An attacker sends an SNMP GET request to query sensitive information from the modem, for example with a tool like snmpwalk and no credentials.
- Scope: ARRIS Touchstone DG950A cable modems are affected.
3. Detection and Assessment
You can confirm whether your system is vulnerable by checking the SNMP configuration on the device or by attempting to retrieve information via an unauthenticated request.
- Quick checks: Access the modem’s web interface and check the SNMP settings. If authentication is disabled, it’s likely vulnerable.
- Scanning: Nessus vulnerability ID 69631 can detect this issue. Other scanners may also have signatures for CVE-2014-4863.
- Logs and evidence: There are no specific logs indicating exploitation; however, monitoring network traffic for SNMP requests to the modem’s IP address could indicate suspicious activity.
snmpwalk -v 2c -c public <modem-ip>
4. Solution / Remediation Steps
The solution is to disable the SNMP service on the ARRIS Touchstone DG950A cable modem.
4.1 Preparation
- This change requires a maintenance window as it may temporarily disrupt network monitoring that relies on SNMP. Approval from the network team may be necessary.
4.2 Implementation
- Step 1: Access the modem’s web interface using your browser.
- Step 2: Navigate to the “Management” or “SNMP” settings section (location varies by firmware version).
- Step 3: Disable the SNMP service.
- Step 4: Save the changes and reboot the modem if prompted.
4.3 Config or Code Example
Before
SNMP Enabled: Yes
After
SNMP Enabled: No
4.4 Security Practices Relevant to This Vulnerability
Several security practices can help prevent this type of issue.
- Practice 1: Least privilege – only enable services that are absolutely necessary and restrict access as much as possible.
- Practice 2: Secure defaults – change default configurations, including disabling unnecessary services like SNMP by default.
4.5 Automation (Optional)
Automation is not typically available for this type of device configuration.
5. Verification / Validation
- Post-fix check: Run `snmpwalk -v 2c -c public <modem-ip>` again. You should receive no response, or see a “Timeout” error.
- Re-test: Re-run the initial detection method (SNMP configuration check in web interface) to confirm SNMP is disabled.
- Monitoring: Monitor network traffic for any unexpected SNMP requests originating from or destined for the modem’s IP address.
snmpwalk -v 2c -c public <modem-ip>
6. Preventive Measures and Monitoring
Update security baselines to reflect disabling unnecessary services like SNMP.
- Baselines: Update your network device security baseline or policy to include a requirement for disabling SNMP unless it is specifically needed with strong authentication.
- Pipelines: Consider using configuration management tools to enforce the desired state of SNMP settings across all devices.
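The traffic monitoring suggested in sections 3 and 5 can be scripted. The following is an added example, not part of the original guide or any vendor tooling: it reads tcpdump-style text lines and reports SNMP requests to the modem from hosts outside an allowlist, and whether the modem answered them. The modem address, the allowlisted manager, the capture line format and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

MODEM_IP = "192.0.2.1"             # assumption: placeholder modem address
ALLOWED_MANAGERS = {"192.0.2.10"}  # assumption: the only host permitted to poll SNMP

# Assumed tcpdump -n style text for SNMPv1/v2c packets:
#   <time> IP <src>.<sport> > <dst>.<dport>:  C="<community>" <PDU>(<len>) ...
LINE_RE = re.compile(
    r'IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > '
    r'(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+'
    r'(?:C="?(?P<community>[^"\s]*)"?\s+)?(?P<pdu>\w+)\(')

# Constructed capture lines, for illustration only.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 192.0.2.10.40112 > 192.0.2.1.161:  C="public" GetRequest(28)  .1.3.6.1.2.1.1.3.0
12:00:01.002100 IP 192.0.2.1.161 > 192.0.2.10.40112:  C="public" GetResponse(32)  .1.3.6.1.2.1.1.3.0=123456
12:03:44.510000 IP 192.0.2.77.51822 > 192.0.2.1.161:  C="public" GetNextRequest(25)  .1.3.6.1
12:03:44.512000 IP 192.0.2.1.161 > 192.0.2.77.51822:  C="public" GetResponse(60)  .1.3.6.1.2.1.1.1.0="constructed"
12:03:44.520000 IP 192.0.2.77.51822 > 192.0.2.1.161:  C="public" GetNextRequest(28)  .1.3.6.1.2.1.1.1.0
12:05:10.000000 IP 198.51.100.9.33000 > 192.0.2.1.161:  C="private" GetRequest(28)  .1.3.6.1.2.1.1.5.0
12:06:00.000000 IP 192.0.2.77.51900 > 192.0.2.1.80: Flags [S], seq 1, win 64240, length 0
"""


def review_snmp_traffic(capture, modem_ip=MODEM_IP, allowed=ALLOWED_MANAGERS):
    """Summarise SNMP exchanges between the modem and hosts outside the allowlist."""
    findings = defaultdict(lambda: {"requests": 0, "answered": 0, "communities": set()})
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an SNMP v1/v2c line in the expected format
        if m["dst"] == modem_ip and m["dport"] == "161" and m["src"] not in allowed:
            entry = findings[m["src"]]
            entry["requests"] += 1
            if m["community"]:
                entry["communities"].add(m["community"])
        elif m["src"] == modem_ip and m["sport"] == "161" and m["dst"] not in allowed:
            # The modem answered: SNMP is still enabled and disclosing data.
            findings[m["dst"]]["answered"] += 1
    return dict(findings)


if __name__ == "__main__":
    for host, f in sorted(review_snmp_traffic(SAMPLE_CAPTURE).items()):
        state = "ANSWERED" if f["answered"] else "no reply"
        print(f"{host}: {f['requests']} request(s), {state}, "
              f"communities={sorted(f['communities'])}")
```

After SNMP has been disabled, any host reported as answered means the change did not take effect. Hosts with requests but no reply are still worth investigating as unexpected pollers.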
7. Risks, Side Effects, and Roll Back
Disabling SNMP may impact network monitoring systems that rely on it.
- Risk or side effect 1: Network monitoring tools may stop receiving data from the modem if they use SNMP. Mitigation: Reconfigure monitoring tools to use alternative methods (e.g., Syslog, API).
- Roll back: Step 1: Access the modem’s web interface. Step 2: Navigate to the “Management” or “SNMP” settings section. Step 3: Enable the SNMP service and save the changes. Step 4: Reboot the modem if prompted.
8. References and Resources
Links only to sources that match this exact vulnerability.
- Vendor advisory or bulletin: CERT Vulnerability Note 855836
- NVD or CVE entry: CVE-2014-4863
- Product or platform documentation relevant to the fix: ARRIS Touchstone DG950A user manual (consult ARRIS support website for latest version).