CVE-2019-19494

Description

Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.

Related CPE's

osagemcomf\@st_3890_firmware********

hsagemcomf\@st_3890-*******

osagemcomf\@st_3890_firmware********

hsagemcomf\@st_3890-*******

osagemcomf\@st_3686_firmware3.428.0*******

osagemcomf\@st_3686_firmware4.83.0*******

hsagemcomf\@st_3686-*******

onetgearcg3700emr_firmware2.01.03*******

onetgearcg3700emr_firmware2.01.05*******

hnetgearcg3700emr-*******

References

https://cablehaunt.com

ExploitTechnical DescriptionThird Party Advisory

https://www.broadcom.com

Product

https://github.com/Lyrebirds/Cable-Haunt-Report/releases/download/2.4/report.pdf

Technical DescriptionThird Party Advisory

https://github.com/Lyrebirds/Fast8690-exploit

ExploitThird Party Advisory

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AttackVector

NETWORK

AttackComplexity

LOW

PrivilegesRequired

NONE

UserInteraction

REQUIRED

Scope

UNCHANGED

ConfidentialityImpact

HIGH

IntegrityImpact

HIGH

AvailabilityImpact

HIGH

BaseScore

8.8

BaseSeverity

HIGH

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:C/I:C/A:C

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

9.300000190734863

Created by Yello
About Severity.io