jclehner
commented
5 months ago Is unverified boot possible (secureboot?)?
According to deviwiki, it uses the BCM3384 chipset. Secure boot is only used by BCM3390-based modems.
any know vuls for root ?
Pre-BCM3390 devices use Linux only for providing things such as NAS capabilities using samba. The actual CM firmware is based on eCOS, running on a separate processor.
It might be possible to gain telnet access to the CM shell using SNMP, or a crafted GatewaySettings.bin file (if the web interface allows exporting that).
The device could also be affected by the Cable Haunt vulnerability.
Otherwise it's probably trivial to dump the NOR flash, and enable telnet using bcm2cfg. The flash chip should be located on the bottom side of the PCB (photos from FCC docs):
any firmware dump ?
Not yet.
I would be grateful when you can point me to the right direction.
There's quite a bit info in some closed issues, such as #26, #10 or #7, but check out others too.
Is there any Infomation for this technicolor modem ? Looks similar to the CGA4233. Is unverified boot possible (secureboot?)? any know vuls for root ? any firmware dump ?
I have the hardware to spare but haven't done any hardware hacking projects yet.
I would be grateful when you can point me to the right direction.