Vulnerability Name:

CVE-2019-19494 (CCN-174207)

Assigned:2019-12-02
Published:2020-01-09
Updated:2020-01-28
Summary:Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.
CVSS v3 Severity:8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
8.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-120
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2019-19494

Source: MISC
Type: Exploit, Technical Description, Third Party Advisory
https://cablehaunt.com

Source: XF
Type: UNKNOWN
broadcom-cve201919494-bo(174207)

Source: MISC
Type: Technical Description, Third Party Advisory
https://github.com/Lyrebirds/Cable-Haunt-Report/releases/download/2.4/report.pdf

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/Lyrebirds/Fast8690-exploit

Source: CCN
Type: GitHub Web site
Fast3890-exploit

Source: MISC
Type: Product
https://www.broadcom.com

Source: CCN
Type: COMPAL Web site
COMPAL 7284E and 7486E devices

Source: CCN
Type: NETGEAR Web site
NETGEAR CG3700EMR and C6250EMR devices

Source: CCN
Type: Sagemcom Web site
Sagemcom F@st 3890 and F@st 3686 devices

Source: CCN
Type: Technicolor Web site
Technicolor TC7230 STEB devices

Vulnerable Configuration:Configuration 1:
  • cpe:/o:sagemcom:f@st_3890_firmware:*:*:*:*:*:*:*:* (Version < 50.10.21_t4)
  • AND
  • cpe:/h:sagemcom:f@st_3890:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:sagemcom:f@st_3890_firmware:*:*:*:*:*:*:*:* (Version < 05.76.6.3f)
  • AND
  • cpe:/h:sagemcom:f@st_3890:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:sagemcom:f@st_3686_firmware:3.428.0:*:*:*:*:*:*:*
  • OR cpe:/o:sagemcom:f@st_3686_firmware:4.83.0:*:*:*:*:*:*:*
  • AND
  • cpe:/h:sagemcom:f@st_3686:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:netgear:cg3700emr_firmware:2.01.03:*:*:*:*:*:*:*
  • OR cpe:/o:netgear:cg3700emr_firmware:2.01.05:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netgear:cg3700emr:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:netgear:c6250emr_firmware:2.01.03:*:*:*:*:*:*:*
  • OR cpe:/o:netgear:c6250emr_firmware:2.01.05:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netgear:c6250emr:-:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/o:technicolor:tc7230_steb_firmware:01.25:*:*:*:*:*:*:*
  • AND
  • cpe:/h:technicolor:tc7230_steb:-:*:*:*:*:*:*:*

    • Configuration 7:
  • cpe:/o:compal:7284e_firmware:5.510.5.11:*:*:*:*:*:*:*
  • AND
  • cpe:/h:compal:7284e:-:*:*:*:*:*:*:*

    • Configuration 8:
  • cpe:/o:compal:7486e_firmware:5.510.5.11:*:*:*:*:*:*:*
  • AND
  • cpe:/h:compal:7486e:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:sagemcom:f@st_3890:-:*:*:*:*:*:*:*
  • OR cpe:/h:sagemcom:f@st_3686:-:*:*:*:*:*:*:*
  • OR cpe:/o:netgear:cg3700emr_firmware:2.01.05:*:*:*:*:*:*:*
  • OR cpe:/o:netgear:cg3700emr_firmware:2.01.03:*:*:*:*:*:*:*
  • OR cpe:/o:netgear:c6250emr_firmware:2.01.05:*:*:*:*:*:*:*
  • OR cpe:/o:netgear:c6250emr_firmware:2.01.03:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    sagemcom f@st 3890 firmware *
    sagemcom f@st 3890 -
    sagemcom f@st 3890 firmware *
    sagemcom f@st 3890 -
    sagemcom f@st 3686 firmware 3.428.0
    sagemcom f@st 3686 firmware 4.83.0
    sagemcom f@st 3686 -
    netgear cg3700emr firmware 2.01.03
    netgear cg3700emr firmware 2.01.05
    netgear cg3700emr -
    netgear c6250emr firmware 2.01.03
    netgear c6250emr firmware 2.01.05
    netgear c6250emr -
    technicolor tc7230 steb firmware 01.25
    technicolor tc7230 steb -
    compal 7284e firmware 5.510.5.11
    compal 7284e -
    compal 7486e firmware 5.510.5.11
    compal 7486e -
    sagemcom f@st 3890 -
    sagemcom f@st 3686 -
    netgear cg3700emr firmware 2.01.05
    netgear cg3700emr firmware 2.01.03
    netgear c6250emr firmware 2.01.05
    netgear c6250emr firmware 2.01.03