CVE-2019-19494

Summary

CVE	CVE-2019-19494
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-01-09 13:15:00 UTC
Updated	2020-01-28 19:43:00 UTC
Description	Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.

Risk And Classification

Problem Types: CWE-120

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Compal	7284e	-	All	All	All
Hardware	Compal	7284e	-	All	All	All
Operating System	Compal	7284e Firmware	5.510.5.11	All	All	All
Operating System	Compal	7284e Firmware	5.510.5.11	All	All	All
Hardware	Compal	7486e	-	All	All	All
Hardware	Compal	7486e	-	All	All	All
Operating System	Compal	7486e Firmware	5.510.5.11	All	All	All
Operating System	Compal	7486e Firmware	5.510.5.11	All	All	All
Hardware	Netgear	C6250emr	-	All	All	All
Hardware	Netgear	C6250emr	-	All	All	All
Operating System	Netgear	C6250emr Firmware	2.01.03	All	All	All
Operating System	Netgear	C6250emr Firmware	2.01.05	All	All	All
Operating System	Netgear	C6250emr Firmware	2.01.03	All	All	All
Operating System	Netgear	C6250emr Firmware	2.01.05	All	All	All
Hardware	Netgear	Cg3700emr	-	All	All	All
Hardware	Netgear	Cg3700emr	-	All	All	All
Operating System	Netgear	Cg3700emr Firmware	2.01.03	All	All	All
Operating System	Netgear	Cg3700emr Firmware	2.01.05	All	All	All
Operating System	Netgear	Cg3700emr Firmware	2.01.03	All	All	All
Operating System	Netgear	Cg3700emr Firmware	2.01.05	All	All	All
Hardware	Sagemcom	F@st 3686	-	All	All	All
Operating System	Sagemcom	F@st 3686 Firmware	3.428.0	All	All	All
Operating System	Sagemcom	F@st 3686 Firmware	4.83.0	All	All	All
Hardware	Sagemcom	F@st 3890	-	All	All	All
Operating System	Sagemcom	F@st 3890 Firmware	All	All	All	All
Hardware	Sagemcom	F@st 3686	-	All	All	All
Hardware	Sagemcom	F@st 3686	-	All	All	All
Operating System	Sagemcom	F@st 3686 Firmware	3.428.0	All	All	All
Operating System	Sagemcom	F@st 3686 Firmware	4.83.0	All	All	All
Operating System	Sagemcom	F@st 3686 Firmware	3.428.0	All	All	All
Operating System	Sagemcom	F@st 3686 Firmware	4.83.0	All	All	All
Hardware	Sagemcom	F@st 3890	-	All	All	All
Hardware	Sagemcom	F@st 3890	-	All	All	All
Operating System	Sagemcom	F@st 3890 Firmware	All	All	All	All
Operating System	Sagemcom	F@st 3890 Firmware	All	All	All	All
Hardware	Technicolor	Tc7230 Steb	-	All	All	All
Hardware	Technicolor	Tc7230 Steb	-	All	All	All
Operating System	Technicolor	Tc7230 Steb Firmware	01.25	All	All	All
Operating System	Technicolor	Tc7230 Steb Firmware	01.25	All	All	All

References

Reference	Source	Link	Tags
github.com/Lyrebirds/Cable-Haunt-Report/releases/download/2.4/report.pdf	MISC	github.com	Technical Description, Third Party Advisory
Broadcom Inc. \| Connecting Everything	MISC	www.broadcom.com	Product
cablehaunt.com	MISC	cablehaunt.com	Exploit, Technical Description, Third Party Advisory
GitHub - Lyrebirds/Fast8690-exploit	MISC	github.com	Exploit, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.