CVE-2019-19495 Information

Description

The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding which allows a remote attacker to configure the cable modem via JavaScript in a victim’s browser. The attacker can then configure the cable modem to port forward the modem’s internal TELNET server allowing external access to a root shell.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://cablehaunt.com https://github.com/Lyrebirds/Cable-Haunt-Report/releases/download/2.4/report.pdf https://github.com/Lyrebirds/Fast8690-exploit

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8