Published: 09/01/2020 Updated: 28/01/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote malicious user to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 before 50.10.21_T4, Sagemcom F@st 3890 before, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.

Affected Products

Vendor       Product                 Versions
Compal       7284e Firmware          5.510.5.11
Compal       7486e Firmware          5.510.5.11
Netgear      C6250emr Firmware       2.01.03, 2.01.05
Netgear      Cg3700emr Firmware      2.01.03, 2.01.05
Sagemcom     F@st 3686 Firmware      3.428.0, 4.83.0
Technicolor  Tc7230 Steb Firmware    01.25

Recent Articles

Millions of modems at risk of remote hijacking
welivesecurity • Tomáš Foltýn • 14 Jan 2020

Hundreds of millions of cable modems from various manufacturers may be susceptible to a critical vulnerability that can enable attackers to intercept people’s private messages or redirect their internet traffic, new research has found.
Tracked as CVE-2019-19494 and nicknamed Cable Haunt, the vulnerability is estimated to have affected nearly all cable modems in Europe until recently, with many still remaining at risk. How so? The researchers from Denmark-based security consultancy Lyrebi...

‘Cable Haunt’ Bug Plagues Millions of Home Modems
Threatpost • Tara Seals • 13 Jan 2020

Multiple cable modems used by ISPs to provide broadband into homes have a critical vulnerability in their underlying reference architecture that would allow an attacker full remote control of the device. The footprint for the affected devices numbers in the hundreds of millions worldwide.
Dubbed “Cable Haunt” by researchers at Lyrebirds, the bug (CVE-2019-19494) is found in cable modems across multiple vendors, including Arris, COMPAL, Netgear, Sagemcom, Technicolor and o...

Hundreds of millions of Broadcom-based cable modems at risk of remote hijacking, eggheads fear
The Register • Shaun Nichols in San Francisco • 10 Jan 2020

It's got a name and logo so it's serious, you guys

A vulnerability in Broadcom's cable modem firmware has left as many as 200 million home broadband gateways in Europe, and potentially more worldwide, at risk of remote hijackings.
Four Danish researchers have demonstrated how a miscreant could exploit the hole, CVE-2019-19494, in the wild: essentially, a victim is tricked into opening a webpage or similar containing malicious JavaScript. This code subsequently connects to the web server built into the vulnerable modem on the local network. Th...