CVE-2019-19494 Information

Feb 14, 2021 cve

Description

Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim’s browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4 Sagemcom F@st 3890 prior to 05.76.6.3f Sagemcom F@st 3686 3.428.0 Sagemcom F@st 3686 4.83.0 NETGEAR CG3700EMR 2.01.05 NETGEAR CG3700EMR 2.01.03 NETGEAR C6250EMR 2.01.05 NETGEAR C6250EMR 2.01.03 Technicolor TC7230 STEB 01.25 COMPAL 7284E 5.510.5.11 and COMPAL 7486E 5.510.5.11.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://cablehaunt.com https://github.com/Lyrebirds/Cable-Haunt-Report/releases/download/2.4/report.pdf https://github.com/Lyrebirds/Fast8690-exploit https://www.broadcom.com

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8

Share on: