Exploit that gives remote access affects ~200 million cable modems (ars technica)

Ars technica reportson the "Cable Haunt" vulnerability that afflicts a large number ofcable modems. "The first and most straightforward way is to serve malicious JavaScript that causes the browser to connect to the modem. Normally, a mechanism called cross-origin resource sharing prevents a Web application from one origin (such as malicious.example.com) from working on a different origin (such as 192.168.100.1, the address used by most or all of the vulnerable modems).Websockets, however, aren't protected by CORS, as the mechanism is usuallycalled. As a result, the modems will accept the remote JavaScript, therebyallowing attackers to reach the endpoint and serve it code." Thusfar, there doesn't seem to be any information out there on whether routersrunning OpenWrt are vulnerable.