This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cisco DPC3825 vulnerable to newest threat?

I made a post here about "the moon" vulnerability and whether it would effect the Cisco DPC3825 and other Cisco gateways used by Cox. The answer selected was No, since Linksys isn't Cisco. However, now it seems there is a new vulnerability that specifically attacks Cisco equipment

The vulnerable products are:

Cisco DPC3212 VoIP Cable Modem
Cisco DPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway
Cisco EPC3212 VoIP Cable Modem
Cisco EPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway
Cisco Model DPC3010 DOCSIS 3.0 8x4 Cable Modem
Cisco Model DPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
Cisco Model EPC3010 DOCSIS 3.0 Cable Modem
Cisco Model EPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA

Here is a news article on it. 

Here is Cisco official statement.

  • Temporary solution: Don't buy Cisco until they get a firmware fix for it.

  • Hi Health Edge,

    Thanks very much for posting this info! We'll keep our eyes out for the Cisco firmware fix.

  • The DPQ3925 is the only modem/router/eMTA(EDVA) Cox offers I believe. If you want one of them, you have no choice but to get Cisco. And I still think all these exploits might account for some of the unusual overages seen on the bandwidth meter cap. It's the elephant in the room no one is talking about.

  • Hi Health Edge,

    I got more info regarding "the moon" vulnerability in Cisco products; specifically regarding the DPC3825 Gateway we use. One of our network engineers confirmed that the firmware Cox uses isn't impacted by this particular vulnerability. Based on the software versions mentioned in the Cisco Security Advisory, Cox Cisco products are safe. All of our Cisco products have been running 5.5.3 or greater reference code since 2012.

    For more details, check out the discussion thread at

    Thanks for keeping an eye on everything for us! Geeked

  • That was Odog wasn't it? ::chuckle:: Its not vulnerable by default because remote management is not enabled by default since 2012. But alot of customers have it enabled, so Im pretty sure they would be vulnerable. Also, this is a separate vulnerability then "the moon" I was just referencing that because its a vulnerability that make use of remote access. I honestly feel there is a connection between these multiple vulnerabilities and the sudden increase people are seeing in bandwidth use via the meter. There is a thread in this very forum of someone having a problem with the DPQ3925 and then the problem going away after switching to a different model.

    I thank you for your input, but I am going to keep this thread open a little longer and ask users to post their experiences with the equipment. The pudding, after all, is where all the proof is. Smile