Details of VAR-202001-0738

ID

VAR-202001-0738

CVE

CVE-2019-19494

TITLE

plural Broadcom -Based cable modem vulnerable to classical buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2019-014302

DESCRIPTION

Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11. plural Broadcom The base cable modem contains a classic buffer overflow vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Sagemcom F@st 5260 and Sagemcom F@st 3890 are routers. Technicolor TC7230 STEB is a wireless router

Trust: 2.25

sources: NVD: CVE-2019-19494 // JVNDB: JVNDB-2019-014302 // CNVD: CNVD-2020-23485 // VULMON: CVE-2019-19494

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-23485

AFFECTED PRODUCTS

vendor:	technicolor	model:	tc7230 steb	scope:	eq	version:	01.25	Trust: 2.4
vendor:	netgear	model:	c6250emr	scope:	eq	version:	2.01.05	Trust: 1.6
vendor:	netgear	model:	c6250emr	scope:	eq	version:	2.01.03	Trust: 1.6
vendor:	netgear	model:	cg3700emr	scope:	eq	version:	2.01.05	Trust: 1.6
vendor:	netgear	model:	cg3700emr	scope:	eq	version:	2.01.03	Trust: 1.6
vendor:	sagemcom	model:	f\@st 3890	scope:	lt	version:	50.10.21_t4	Trust: 1.0
vendor:	compal	model:	7284e	scope:	eq	version:	5.510.5.11	Trust: 1.0
vendor:	sagemcom	model:	f\@st 3686	scope:	eq	version:	3.428.0	Trust: 1.0
vendor:	sagemcom	model:	f\@st 3890	scope:	lt	version:	05.76.6.3f	Trust: 1.0
vendor:	compal	model:	7486e	scope:	eq	version:	5.510.5.11	Trust: 1.0
vendor:	sagemcom	model:	f\@st 3686	scope:	eq	version:	4.83.0	Trust: 1.0
vendor:	sagemcom	model:	f@st 3890	scope:	lt	version:	05.76.6.3f	Trust: 0.8
vendor:	compal broadband	model:	7284e	scope:	eq	version:	5.510.5.11	Trust: 0.8
vendor:	compal broadband	model:	7486e	scope:	eq	version:	5.510.5.11	Trust: 0.8
vendor:	sagemcom	model:	f@st 3890	scope:	eq	version:	-	Trust: 0.8
vendor:	sagemcom	model:	f@st 3890	scope:	lt	version:	50.10.21_t4	Trust: 0.8
vendor:	ネットギア	model:	c6250emr	scope:	eq	version:	2.01.03	Trust: 0.8
vendor:	ネットギア	model:	c6250emr	scope:	eq	version:	2.01.05	Trust: 0.8
vendor:	sagemcom	model:	f@st 3686	scope:	eq	version:	3.428.0	Trust: 0.8
vendor:	ネットギア	model:	cg3700emr	scope:	eq	version:	2.01.05	Trust: 0.8
vendor:	ネットギア	model:	cg3700emr	scope:	eq	version:	2.01.03	Trust: 0.8
vendor:	sagemcom	model:	f@st 3686	scope:	eq	version:	4.83.0	Trust: 0.8
vendor:	sagemcom	model:	f@st <50.10.21 t4	scope:	eq	version:	3890	Trust: 0.6
vendor:	sagemcom	model:	f@st <05.76.6.3f	scope:	eq	version:	3890	Trust: 0.6
vendor:	sagemcom	model:	f@st	scope:	eq	version:	36863.428.0	Trust: 0.6
vendor:	sagemcom	model:	f@st	scope:	eq	version:	36864.83.0	Trust: 0.6
vendor:	technicolor	model:	compal 7486e	scope:	eq	version:	5.510.5.11	Trust: 0.6
vendor:	technicolor	model:	compal 7284e	scope:	eq	version:	5.510.5.11	Trust: 0.6

sources: CNVD: CNVD-2020-23485 // JVNDB: JVNDB-2019-014302 // NVD: CVE-2019-19494

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-19494
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-19494
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-23485
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202001-311
value:	HIGH
Trust: 0.6
VULMON:	CVE-2019-19494
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-19494
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-23485
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-19494
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-19494
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-23485 // VULMON: CVE-2019-19494 // JVNDB: JVNDB-2019-014302 // CNNVD: CNNVD-202001-311 // NVD: CVE-2019-19494

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2019-014302 // NVD: CVE-2019-19494

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-311

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202001-311

PATCH

title:	Top Page	url:	https://www.broadcom.com/	Trust: 0.8
title:	The Register	url:	https://www.theregister.co.uk/2020/01/10/broadcom_cable_haunt_vulnerability/	Trust: 0.2
title:	welivesecurity	url:	https://www.welivesecurity.com/2020/01/14/millions-modems-vulnerable-remote-hijacking/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cable-haunt-remote-code-execution/151756/	Trust: 0.1

sources: VULMON: CVE-2019-19494 // JVNDB: JVNDB-2019-014302

EXTERNAL IDS

db:	NVD	id:	CVE-2019-19494	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-014302	Trust: 0.8
db:	CNVD	id:	CNVD-2020-23485	Trust: 0.6
db:	CNNVD	id:	CNNVD-202001-311	Trust: 0.6
db:	VULMON	id:	CVE-2019-19494	Trust: 0.1

sources: CNVD: CNVD-2020-23485 // VULMON: CVE-2019-19494 // JVNDB: JVNDB-2019-014302 // CNNVD: CNNVD-202001-311 // NVD: CVE-2019-19494

REFERENCES

url:	https://github.com/lyrebirds/cable-haunt-report/releases/download/2.4/report.pdf	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19494	Trust: 2.0
url:	https://cablehaunt.com	Trust: 1.7
url:	https://www.broadcom.com	Trust: 1.7
url:	https://github.com/lyrebirds/fast8690-exploit	Trust: 1.7
url:	https://cwe.mitre.org/data/definitions/120.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/cable-haunt-remote-code-execution/151756/	Trust: 0.1

sources: CNVD: CNVD-2020-23485 // VULMON: CVE-2019-19494 // JVNDB: JVNDB-2019-014302 // CNNVD: CNNVD-202001-311 // NVD: CVE-2019-19494

SOURCES

db:	CNVD	id:	CNVD-2020-23485
db:	VULMON	id:	CVE-2019-19494
db:	JVNDB	id:	JVNDB-2019-014302
db:	CNNVD	id:	CNNVD-202001-311
db:	NVD	id:	CVE-2019-19494

LAST UPDATE DATE

2024-11-23T21:59:31.876000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-23485	date:	2020-04-20T00:00:00
db:	VULMON	id:	CVE-2019-19494	date:	2020-01-28T00:00:00
db:	JVNDB	id:	JVNDB-2019-014302	date:	2020-02-10T00:00:00
db:	CNNVD	id:	CNNVD-202001-311	date:	2021-01-04T00:00:00
db:	NVD	id:	CVE-2019-19494	date:	2024-11-21T04:34:50.037

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-23485	date:	2020-04-20T00:00:00
db:	VULMON	id:	CVE-2019-19494	date:	2020-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-014302	date:	2020-02-10T00:00:00
db:	CNNVD	id:	CNNVD-202001-311	date:	2020-01-09T00:00:00
db:	NVD	id:	CVE-2019-19494	date:	2020-01-09T13:15:10.993