Published: 08/01/2020 Updated: 22/01/2020

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote malicious user to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET server, allowing external access to a root shell.

Vulnerable Product	Search on Vulmon	Subscribe to Product
technicolor tc7230_steb_firmware 0.1.25

Technicolor TC7230 exploit This exploit uses the Cable Haunt vulnerability to pop a shell from an external network for the Technicolor TC7230 (STEB0125*) cable modem Firmware version STEB013G or newer should be secure against Cable Haunt, and has been made available by Technicolor A similar, but only locally hostable, exploit exists for Sagemcom F@st 3890 A list of known

CWE-20 https://cablehaunt.com https://github.com/Lyrebirds/Cable-Haunt-Report/releases/download/2.4/report.pdf https://github.com/Lyrebirds/Fast8690-exploit https://nvd.nist.gov https://github.com/Lyrebirds/technicolor-tc7230-exploit

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-19495

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect