PT-2021-8991 · Virgin Media+1 · Virgin Media Super Hub 3+1

Published

2021-09-14

Updated

2021-10-05

CVE-2019-16651

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Virgin Media Super Hub 3 (based on ARRIS TG2492) devices (affected versions not specified)

Description An issue was discovered in the Virgin Media Super Hub 3 devices, where the SNMP commands have insufficient protection mechanisms. This allows for the use of JavaScript and DNS rebinding to leak the WAN IP address of a user. If the user is utilizing certain VPN implementations, this could potentially decloak them.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2019-16651

Affected Products

Arris Tg2492

Virgin Media Super Hub 3

PT-2021-8991 · Virgin Media+1 · Virgin Media Super Hub 3+1

CVE-2019-16651

Weakness Enumeration

Related Identifiers

Affected Products

References · 6