CVSSv2: 9.3

CVE-2019-19494

Published: 09/01/2020 Updated: 28/01/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote malicious user to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 before 50.10.21_T4, Sagemcom F@st 3890 before 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.

Affected Products

sagemcom f@st_3890_firmware
sagemcom f@st_3686_firmware 3.428.0
sagemcom f@st_3686_firmware 4.83.0
netgear cg3700emr_firmware 2.01.03
netgear cg3700emr_firmware 2.01.05
netgear c6250emr_firmware 2.01.03
netgear c6250emr_firmware 2.01.05
technicolor tc7230_steb_firmware 01.25
compal 7284e_firmware 5.510.5.11
compal 7486e_firmware 5.510.5.11

Recent Articles

Hundreds of millions of Broadcom-based cable modems at risk of remote hijacking, eggheads fear
The Register • Shaun Nichols in San Francisco • 10 Jan 2020

It's got a name and logo so it's serious, you guys

Updated: A vulnerability in Broadcom's cable modem firmware has left as many as 200 million home broadband gateways in Europe, and potentially more worldwide, at risk of remote hijacking. Four Danish researchers have demonstrated how a miscreant could exploit the hole, CVE-2019-19494, in the wild: essentially, a victim is tricked into opening a webpage or similar containing malicious JavaScript. This code subsequently connects to the web server built into the vulnerable modem on the local network. ...