Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.
References
Link | Resource |
---|---|
https://cablehaunt.com | Exploit Technical Description Third Party Advisory |
https://github.com/Lyrebirds/Cable-Haunt-Report/releases/download/2.4/report.pdf | Technical Description Third Party Advisory |
https://github.com/Lyrebirds/Fast8690-exploit | Exploit Third Party Advisory |
https://www.broadcom.com | Product |
https://cablehaunt.com | Exploit Technical Description Third Party Advisory |
https://github.com/Lyrebirds/Cable-Haunt-Report/releases/download/2.4/report.pdf | Technical Description Third Party Advisory |
https://github.com/Lyrebirds/Fast8690-exploit | Exploit Third Party Advisory |
https://www.broadcom.com | Product |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
21 Nov 2024, 04:34
Type | Values Removed | Values Added |
---|---|---|
References | () https://cablehaunt.com - Exploit, Technical Description, Third Party Advisory | |
References | () https://github.com/Lyrebirds/Cable-Haunt-Report/releases/download/2.4/report.pdf - Technical Description, Third Party Advisory | |
References | () https://github.com/Lyrebirds/Fast8690-exploit - Exploit, Third Party Advisory | |
References | () https://www.broadcom.com - Product |
Information
Published : 2020-01-09 13:15
Updated : 2024-11-21 04:34
NVD link : CVE-2019-19494
Mitre link : CVE-2019-19494
CVE.ORG link : CVE-2019-19494
JSON object : View
Products Affected
compal
- 7284e
- 7486e_firmware
- 7486e
- 7284e_firmware
netgear
- cg3700emr_firmware
- c6250emr
- cg3700emr
- c6250emr_firmware
sagemcom
- f\@st_3890_firmware
- f\@st_3890
- f\@st_3686_firmware
- f\@st_3686
technicolor
- tc7230_steb
- tc7230_steb_firmware
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')