Cable Haunt: Unknown millions of Broadcom-based cable modems open to hijacking - Help Net Security

A vulnerability (CVE-2019-19494) in Broadcom's cable modem firmware can open unknown millions of broadband modems by various manufacturers to attackers, a group of Danish researchers has warned.



About CVE-2019-19494


CVE-2019-19494, also dubbed Cable Haunt, is present in the spectrum analyzer, a standard component of Broadcom chips that identifies potential problems with the connection through the modem’s coaxial cable.


“The cable modems are vulnerable to remote code execution through a web-socket connection, bypassing normal CORS and SOC rules, and then subsequently by overflowing the registers and executing malicious functionality. The exploit is possible due to lack of protection proper authorization of the web-socket client, default credentials and a programming error in the spectrum analyzer,” the researchers explaine ..
