03-10-2016, 03:24 AM
Due to the presence of IPsec encryption I believe I have magically discovered a DHCP offer vulnerability to destroy the CM's ARP table. That allows ARP poisoning and easy config forcing, among other things. I should be able to push custom firmware and make it look like it's coming from the CMTS, avoiding physical flashing. I'll keep you all posted!
-C. Colin Applegate
NSA Director GSA35,0
CEO Comcast Cable
CEO Applegate Consulting LLC
AUTHORIZED BY THE PRESIDENT