» ISP News » 

UPDATE2 Low Bandwidth DoS Attack Can Hammer Virgin Media SuperHub 3

Thursday, April 27th, 2017 (9:59 am) - Score 12,360

A growing number of Virgin Media’s cable broadband customers are claiming that the operator’s latest SuperHub 3 (Hub 3.0) router may be vulnerable to a low bandwidth Denial of Service (DoS) attack (i.e. a malicious person with a slow ADSL line could easily ruin your day).

Hopefully by now most of our Virgin Media using readers will be aware that the SuperHub 3 (ARRIS TG2492S/CE) uses a Intel Puma 6 chipset (x86 SoC), which is currently quite notorious due to how it suffers from a tedious bug that causes latency spikes and packet loss (here and here). A fix for this flaw has been in the works for some considerable time but, as we revealed last month, it’s still going through some lengthy testing.

Unfortunately it seems like the situation is about to get worse. Feedback on the DSL Reports site and Virgin Media’s Community Forum appears to show that the hardware is also vulnerable to a simple DoS attack, which means that if somebody knows your Virgin IP address then they could hit you with packets of data (i.e. sending random UDP data to the given host with random destination ports) from even a slow broadband connection and this effectively makes your Internet connection unusable.


In the example above a 1Mbps DoS causes an average latency rise of +20ms (milliseconds) and quite a few high peaks, while 2Mbps delivers +200ms and a huge amount of packet loss (65%).. it only gets worse from there. The 2Mbps example is enough to ruin most of your Internet activity until the attack stops (sadly you can’t block this one via the SH3’s firewall).

The vulnerability also impacts other routers that use the same Puma 6 chipset. We have asked Virgin Media for a comment and they’ve promised to respond, once their hub and security teams have had a chance to take a closer look. At this point we should remind readers that attacking another Internet user in this way could be considered a criminal offence.

Credits to one of our readers, Dale, for raising the issue. We will update once an official comment arrives and in the meantime The Register has also run a similar story.

UPDATE 12:29pm

According to Ross Allan, who created a piece of software to test the bug, such an attack can’t be stopped by the SH3’s firmwall either because packets from the internet would come through the modem then reach your firewall (i.e. by that point the damage is already done).

UPDATE 4:52pm

Took awhile but Virgin Media has finally given is a comment, although it’s unlikely to satisfy those with concerns.

A Virgin Media Spokesperson told ISPreview.co.uk:

“We take the security and the reliability of our service very seriously and have tools and systems in place on our network to protect our customers. We are currently speaking to our suppliers regarding reports of Puma 6 issues.”

UPDATE 2nd May 2017

Netgear has published a related Security Advisory for their Puma 6 supporting CM700 cable modem kit, which appears to confirm the issue.

Netgear Update

NETGEAR is aware of a security vulnerability that can potentially allow an attacker to slow or stop your network access. This vulnerability does not pose a risk for data loss or access to your network. This vulnerability potentially affects the following products:

* CM700

No workaround is available at this time.

NETGEAR is working to evaluate this vulnerability and will update this knowledge base article as more information becomes available.

At this point it’s beginning to feel like anything with a Puma 6 inside should probably be avoided, which is easier said than done for big ISPs like Virgin Media that take their orders from Liberty Global. Intel has long since moved on from the older Puma 6 but they’re still required to provide support to vendors, even if that support does appear to move at a snail’s pace.

Share with Twitter
Share with Linkedin
Share with Facebook
Share with Reddit
Share with Pinterest
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, , Facebook and Linkedin.
Leave a Comment
9 Responses
  1. Porlock says:

    Does anyone know whether the modem/router used by VM’s business customers suffers from these same problems?

    1. Rich says:

      The Hutron CGNV4? It’s the same Puma6 chipset.

      VM really need to drop the SH3 and replace with something from Motorola.

    2. Vince says:

      Yep, having tested it – especially if you’re on a Dynamic IP.

  2. Dave says:

    The Arris modems are what used to be Motorola I believe.

    1. CarlT says:

      Yep. Arris bought Motorola’s cable business a while back.

  3. Chris P says:

    Where are the virgin supporters claiming this is irrelevant or other such nonsense?

    1. Kelvin says:

      Its an Intel chipset issue not a Virgin issue, though of course that wont stop silly comments from trolls that can not read.

      VM and other ISPs that use cable both here and worldwide are likely to just give up on waiting on Intel to fix the issue which is in many cable modem devices. The superhub 3 is over a year old, it does not support Docsis 3.1 which is the future, that along with the issues and i would not be shocked if VM and others using gear with the same chipset just dumped it soon for a new device. That would be the logical thing since the chipset has had so many issues and getting support from Intel for any legacy device is like pulling teeth.

    2. Lee says:

      I both agree and disagree with you Kevin. First, in my opinion, it is Virgin’s issue and is owned by Virgin. Ultimately its a problem with Intel hardware, but as Virgin are experiencing these issues its there job to come to a quick solution. I’m not sure if you mean ‘problem’ rather than ‘issue’, but they are two different things. The problem has been identified with Intel’s Chip, however its Virgin’s issue, as it is with other providers. As they are experiencing it, they need to do something about it.

      Virgin resoling this will be complicated, like you have explained, they should “dump” them. However, they will have a legal contract with Arris to provide branded hardware, getting out of this will be legally complicated.

      How this normally goes in situations like this, is Virgin pushing Arris, Arris pushing Intel. Intel identified firmware code will fix it, its then a matter of time for them to provide a fix in code, although its been too long IMO. As I understand this has been done and legally, I do not think there will be a breach in contract, be it damaging to that contract anyway. So Virgin couldn’t have dumped them earlier or anytime soon, but they possibly may for SH5. That time to dump them would also be time consuming to get a new supplier, branded hardware and manufacturing. Realistically I do not think dumping Arris has or will be possible for a quicker fix.

      Virgin are in early stages of testing this firmware. That was reported on something like 9th March, so a fix is due.

      Again in my opinion, I do not understand why Virgin continued to deploy SH3 to high end customers or swap out working SH2 devices, but Netgear contracts for SH2 I suspect had no or limited overlap and will have expired.

      Lastly, Virgin and many of the other providers have not performed adequate testing. This should have been identified earlier and never deployed until fixed.

    3. alan says:

      No other ISP has come up with a fix for any hardware affected by this Intel bug. IT affects all models and manufacturers that have used the Intel Puma chipset. Its not up to or the responsibility for any ISP to fix it. I frankly doubt any with the exception of a small few ISPs even has a hand in firmware writing for half the devices they supply.

Comments are closed.

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Ultrafast ISPs
  • Gigaclear £17.00
    Speed: 200Mbps, Unlimited
    Gift: None
  • Community Fibre £20.00
    Speed: 150Mbps, Unlimited
    Gift: None
  • Virgin Media £24.00
    Speed: 108Mbps, Unlimited
    Gift: None
  • Vodafone £25.00
    Speed: 100Mbps, Unlimited
    Gift: None
  • Hyperoptic £25.00
    Speed: 158Mbps, Unlimited
    Gift: None
Large Availability | View All
Cheapest Superfast ISPs
  • Hyperoptic £17.99
    Speed 33Mbps, Unlimited
    Gift: None
  • Shell Energy £19.99
    Speed 35Mbps, Unlimited
    Gift: None
  • NOW £20.00
    Speed 36Mbps, Unlimited
    Gift: None
  • Virgin Media £20.00
    Speed 54Mbps, Unlimited
    Gift: None
  • Vodafone £22.00
    Speed 38Mbps, Unlimited
    Gift: None
Large Availability | View All
The Top 20 Category Tags
  1. FTTP (4097)
  2. BT (3145)
  3. Politics (2107)
  4. Building Digital UK (2019)
  5. Openreach (1966)
  6. FTTC (1920)
  7. Business (1825)
  8. Mobile Broadband (1601)
  9. Statistics (1505)
  10. 4G (1374)
  11. FTTH (1371)
  12. Virgin Media (1274)
  13. Ofcom Regulation (1238)
  14. Wireless Internet (1232)
  15. Fibre Optic (1232)
  16. Vodafone (925)
  17. EE (903)
  18. 5G (894)
  19. TalkTalk (820)
  20. Sky Broadband (786)
Helpful ISP Guides and Tips

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact