CVE-2019-19494

Severity CVSS v4.0:

Pending analysis

Type:

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Publication date:

09/01/2020

Last modified:

28/01/2020

Description

Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim&#39;s browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 8.80 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

8.80

Severity 3.x

HIGH

Vector 2.0

AV:N/AC:M/Au:N/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 9.30 HIGH
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Attack Vector (AV): Network
Attack Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0

9.30

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:sagemcom:f\@st_3890_firmware::::::::		50.10.21_t4 (excluding)
cpe:2.3:h:sagemcom:f\@st_3890:-:::::::*
cpe:2.3:o:sagemcom:f\@st_3890_firmware::::::::		05.76.6.3f (excluding)
cpe:2.3:h:sagemcom:f\@st_3890:-:::::::*
cpe:2.3:o:sagemcom:f\@st_3686_firmware:3.428.0:::::::*
cpe:2.3:o:sagemcom:f\@st_3686_firmware:4.83.0:::::::*
cpe:2.3:h:sagemcom:f\@st_3686:-:::::::*
cpe:2.3:o:netgear:cg3700emr_firmware:2.01.03:::::::*
cpe:2.3:o:netgear:cg3700emr_firmware:2.01.05:::::::*
cpe:2.3:h:netgear:cg3700emr:-:::::::*
cpe:2.3:o:netgear:c6250emr_firmware:2.01.03:::::::*
cpe:2.3:o:netgear:c6250emr_firmware:2.01.05:::::::*
cpe:2.3:h:netgear:c6250emr:-:::::::*
cpe:2.3:o:technicolor:tc7230_steb_firmware:01.25:::::::*
cpe:2.3:h:technicolor:tc7230_steb:-:::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:o:sagemcom:f\@st_3890_firmware::::::::		50.10.21_t4 (excluding)
cpe:2.3:h:sagemcom:f\@st_3890:-:::::::*
cpe:2.3:o:sagemcom:f\@st_3890_firmware::::::::		05.76.6.3f (excluding)
cpe:2.3:h:sagemcom:f\@st_3890:-:::::::*
cpe:2.3:o:sagemcom:f\@st_3686_firmware:3.428.0:::::::*
cpe:2.3:o:sagemcom:f\@st_3686_firmware:4.83.0:::::::*
cpe:2.3:h:sagemcom:f\@st_3686:-:::::::*
cpe:2.3:o:netgear:cg3700emr_firmware:2.01.03:::::::*
cpe:2.3:o:netgear:cg3700emr_firmware:2.01.05:::::::*
cpe:2.3:h:netgear:cg3700emr:-:::::::*
cpe:2.3:o:netgear:c6250emr_firmware:2.01.03:::::::*
cpe:2.3:o:netgear:c6250emr_firmware:2.01.05:::::::*
cpe:2.3:h:netgear:c6250emr:-:::::::*
cpe:2.3:o:technicolor:tc7230_steb_firmware:01.25:::::::*
cpe:2.3:h:technicolor:tc7230_steb:-:::::::*

CVE-2019-19494

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools