Jens Hegner Stærmose

Researcher fromLyrebirds
#27405of 53,635
9.3Total CVSS
Vulnerabilities · 1
PT-2019-4315
9.3
2019-08-26
Compal · Compal 7486E · CVE-2019-19494
**Name of the Vulnerable Software and Affected Versions** Sagemcom F@st 3890 versions prior to 50.10.21 T4 Sagemcom F@st 3890 versions prior to 05.76.6.3f Sagemcom F@st 3686 version 3.428.0 Sagemcom F@st 3686 version 4.83.0 NETGEAR CG3700EMR version 2.01.05 NETGEAR CG3700EMR version 2.01.03 NETGEAR C6250EMR version 2.01.05 NETGEAR C6250EMR version 2.01.03 Technicolor TC7230 STEB version 01.25 COMPAL 7284E version 5.510.5.11 COMPAL 7486E version 5.510.5.11 Cisco EPC3928AD (affected versions not specified) Humax HGB10R-02 (affected versions not specified) Arris Surfboard SB8200 (affected versions not specified) **Description** The issue is caused by a buffer overflow in the dynamic memory of Broadcom-based cable modems, allowing a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. This can give the attacker full control over the device. It is estimated that around 200 million devices in Europe are potentially affected. The vulnerability can be exploited by a specially crafted web page. **Recommendations** For Sagemcom F@st 3890 versions prior to 50.10.21 T4, update to version 50.10.21 T4 or later. For Sagemcom F@st 3890 versions prior to 05.76.6.3f, update to version 05.76.6.3f or later. For Sagemcom F@st 3686 version 3.428.0, update to a newer version. For Sagemcom F@st 3686 version 4.83.0, update to a newer version. For NETGEAR CG3700EMR version 2.01.05, update to a newer version. For NETGEAR CG3700EMR version 2.01.03, update to version 2.01.05 or later. For NETGEAR C6250EMR version 2.01.05, update to a newer version. For NETGEAR C6250EMR version 2.01.03, update to version 2.01.05 or later. For Technicolor TC7230 STEB version 01.25, update to a newer version. For COMPAL 7284E version 5.510.5.11, update to a newer version. For COMPAL 7486E version 5.510.5.11, update to a newer version. For Cisco EPC3928AD, Humax HGB10R-02, and Arris Surfboard SB8200, at the moment, there is no information about a newer version that contains a fix for this vulnerability.