![]() ![]() ![]() The buffer overflow can be exploited using (according to the researchers: “a carefully crafted message the modem can be manipulated to execute arbitrary code specified by a remote attacker”.Īn important aspect of the above described exploit is that while the attack is a remote attack (using a victim’s web browser) it results in the local compromise of the modems spectrum analyser. The vulnerability designated formally as CVE-2019-19494 is a buffer overflow ( defined) that if exploited could allow remote code execution (defined: the ability for an attacker to remotely carry out any action of their choice on your device) with kernel level ( defined) privileges by using JavaScript ( defined) within your web browser. Summary of the Technical Aspects of these vulnerabilities It is important to point out that this is not the only attack vector that can be employed, vulnerable mail-clients, exploited IoT devices, public networks etc. “This could be exploited by an attacker if you visit a malicious website or if they embed the code, for instance in an advert, on a trusted website. ![]() While the vulnerabilities are serious in their impact, namely complete remote compromise of the device, how an attacker could exploit the vulnerabilities to achieve that outcome is not trivial. Virgin Media’s Super Hub 3 and 4 do not appear to be vulnerable. Other brands of modems confirmed by the wider community as being vulnerable are: ![]() Please see also the FAQ “Am I Affected” on the Cable Haunt website. These vulnerabilities have been named Cable Haunt as an easier to remember reference.Īt the least the following manufacturers are affected with up to 200 million vulnerable modems mainly based in Europe but other regions e.g. In mid-January it was discovered the firmware ( defined) of many internet service provider (ISP) modems (specifically combined modems and routers in the same device) was vulnerable to remote takeover by attackers. If you use a cable modem for your internet connection, you should check if your modem is vulnerable and follow the step “What should I do” mentioned below. If you are cautious with the links you click and when processing your email, you will likely not be vulnerable to these flaws. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |