"cablehaunt" Vulnerability


1PW

Reference: https://cablehaunt.com

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19494

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19495

Quote

Cable Haunt is a critical vulnerability found in cable modems from various manufacturers across the world. The vulnerability enables remote attackers to execute arbitrary code on your modem, indirectly through an endpoint on the modem. Your cable modem is in charge of the internet traffic for all devices on the network. Cable Haunt might therefore be exploited to intercept private messages, redirect traffic, or participation in botnets.

...

 


The 3rd link mentions 

Quote

The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. 

That is about one specific modem hardware. Also mentions "browser" as the pathway.

The 2nd link mentions one brand-family of modems "Broadcom" & "browser" as the pathway.

Quote

Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser.

 

So it seems to me it is a good idea for all to check the brand name and model of internet-router hardware. To check for any manufacturer patches.

and

to be sure to check the router admin password & ensure it is set to a strong password (not the default one from manufacturer).


My new understanding is that Broadcom is a chipset.  Not necessarily a brand of router.

But that the potential exploit discussed relies on

Quote

tricking users into accessing a malicious page via their browser, they can use the browser to relay an exploit to the vulnerable component and execute commands on the device.

But ensuring that the router has the latest firmware AND ensuring that the router password is a strong one, NOT the factory default, is what is called for.


Yes, Broadcom is a chipset manufacturer that makes ICs for internet connectivity devices including PCs as well as modems and other devices. They are similar to the likes of Realtek and Intel in that regard and are one of the most common manufacturers of such ICs.

I guess I should be glad I'm using DSL and that the manufacturer of my particular modem is not among those exposed as being vulnerable.  I still keep my firmware up to date though and use strong passwords (and I also disable all remote access functionality built into the modem since it is a feature I have no use for and poses a great security risk).
