NA

CVE-2019-19494

Published: 09/01/2020 Updated: 09/01/2020

Vulnerability Summary

Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote malicious user to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 before 50.10.21_T4, Sagemcom F@st 3890 before 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.

Vulnerability Trend

Recent Articles

Hundreds of millions of Broadcom-based cable modems at risk of remote hijacking, eggheads fear
The Register • Shaun Nichols in San Francisco • 10 Jan 2020

It's got a name and logo so it's serious, you guys

A vulnerability in Broadcom's cable modem firmware has left as many as 200 million home broadband gateways in Europe, and potentially more worldwide, at risk of remote hijackings.
Four Danish researchers have demonstrated how a miscreant could exploit the hole, CVE-2019-19494, the wild: essentially, a victim is tricked into opening a webpage or similar containing malicious JavaScript. This code subsequently connects to the web server built into the vulnerable modem on the local network. Th...