CVE-2019-19495

Name of the Vulnerable Software and Affected Versions Technicolor TC7230 STEB version 01.25

Description The web interface of the Technicolor TC7230 is susceptible to DNS rebinding attacks. This allows a remote attacker to configure the cable modem by executing JavaScript in a victim's browser. The attacker can then set up the cable modem to port forward its internal TELNET server, enabling external access to a root shell. The issue is related to security configuration errors in the router's firmware.

Recommendations For Technicolor TC7230 STEB version 01.25, consider disabling the web interface until a patch is available to prevent DNS rebinding attacks. Restrict access to the TELNET server to minimize the risk of exploitation. Avoid using the web interface from untrusted networks or devices to reduce the likelihood of a successful attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.