CVE-2019-19494

Published: Jan 9, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.

Affected (11)

Products: Sagemcom: F@st 3890 Firmware, F@st 3686 Firmware · Netgear: Cg3700emr Firmware, C6250emr Firmware · Technicolor: Tc7230 Steb Firmware · +1 more

Show all products

Sagemcom: F@st 3890 Firmware, F@st 3686 Firmware · Netgear: Cg3700emr Firmware, C6250emr Firmware · Technicolor: Tc7230 Steb Firmware · Compal: 7284e Firmware, 7486e Firmware

2 products

2 products

1 product

2 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sagemcom F@st 3890 Firmware	Before 50.10.21_t4

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sagemcom F@st 3890 Firmware	Before 05.76.6.3f

Running on/with	Platform Versions
Sagemcom F@st 3890	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sagemcom F@st 3686 Firmware	Version 3.428.0
Sagemcom F@st 3686 Firmware	Version 4.83.0

Running on/with	Platform Versions
Sagemcom F@st 3686	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Cg3700emr Firmware	Version 2.01.03
Netgear Cg3700emr Firmware	Version 2.01.05

Running on/with	Platform Versions
Netgear Cg3700emr	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear C6250emr Firmware	Version 2.01.03
Netgear C6250emr Firmware	Version 2.01.05

Running on/with	Platform Versions
Netgear C6250emr	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Technicolor Tc7230 Steb Firmware	Version 01.25

Running on/with	Platform Versions
Technicolor Tc7230 Steb	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Compal 7284e Firmware	Version 5.510.5.11

Running on/with	Platform Versions
Compal 7284e	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Compal 7486e Firmware	Version 5.510.5.11

Running on/with	Platform Versions
Compal 7486e	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (8)

https://cablehaunt.com

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

https://github.com/Lyrebirds/Cable-Haunt-Report/releases/download/2.4/report.pdf

Source: cve@mitre.org

Technical DescriptionThird Party Advisory

https://github.com/Lyrebirds/Fast8690-exploit

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.broadcom.com

Source: cve@mitre.org

Product

https://cablehaunt.com

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

https://github.com/Lyrebirds/Cable-Haunt-Report/releases/download/2.4/report.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionThird Party Advisory

https://github.com/Lyrebirds/Fast8690-exploit

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.broadcom.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.