Login  |   Register Logout  |   中文
Modify
Deregister
[Bulletin] Huawei Intelligent Security Center of a new edition is now available. You can click New Edition in the upper right corner of the page to experience it.

  • Security Notice

  • Research

  • Signature Update

  • Knowledge Base Query

  • Intelligence Query

  • FireHunter-Cloud FireHunter-Cloud

  • My Device

  • Support

MAPP Notice
Vulnerability Notice
Security Alert
PSIRT Advisories
Security Blog
Major Security Events
Signature Update
Version Notice
Signature Change Description
Feedback
IPS New Grammar Manual
Information Release
Subscription
URL Category Query
IPS Threat
APPWiKi

Broadcom Modem Chip CVE-2019-19494 Kernel-level Vulnerability Alert


Release Date : 2020-01-15 19:17:08    Update Date : 2020-01-16 15:55:57    Author :

【Abstract】Recently, a kernel-level security vulnerability was revealed in Broadcom modem chip. The vulnerability is called Cable Haunt and corresponds to CVE number CVE-2019-19494.

1 Overview

1.1 Vulnerability overview

Recently, a kernel-level security vulnerability was revealed in Broadcom modem chip. The vulnerability is called Cable Haunt and corresponds to CVE number CVE-2019-19494. A remote attacker can exploit the vulnerability to take complete control of the target modem, then he can perform a man-in-the-middle attack, modify the configuration, include the modem in a Botnet, etc. Up to now, nearly 200 million modems have been affected in Europe alone, and the scope of the impact is still expanding. Hundreds of millions of devices worldwide may be affected.

1.2 Affected products



1.3 Vulnerability harm

Vulnerability type

Default login credentials / remote code execution

Vulnerability root cause

The spectrum analyzer of Broadcom chip lacks the protection   against DNS rebinding attack; a default credentials is used or no login   credentials is required; the firmware contains programming error. Therefore,   a remote attacker can break through the same-origin policy and attack target   devices in the internal network.

Attack mode

  • First, the attacker induces the target user to click the specifically crafted web page (containing malicious js code) or malicious   email

  • After the first step is successful, the malicious code will connect to the modem's built-in web service in the local network

  • Finally, by triggering a buffer overflow vulnerability, the attacker can change the contents of the modem's processor register to achieve arbitrary code execution

Vulnerability harm

  • Change the default DNS server

  • Perform a   man-in-the-middle attack

  • Hot plug code or even the entire firmware

  • Silently upload, refresh, and upgrade firmware

  • Disable ISP firmware upgrade

  • Change each profile and setting

  • Get and set SNMP OID value

  • Change the associated MAC address

  • Change serial number

  • Include the device in a botnet



Note: The discoverer of the vulnerability has published the complete exploit code on GitHub and provided a demo video of vulnerability reproduction. Anyone can obtain the attack code and launch a targeted attack.


2 How to protect yourself against the vulnerability

2.1 How to fix

It is reported that four ISP service providers Telia, TDC, Get AS and Stofa in Scandinavia (Norway and Sweden) have released patches. Please contact your operator and upgrade the modem firmware.

2.2 Temporary evasive measures

Do not open web pages or hyperlinks from untrusted sources

Do not open unknown mail attachments


3 Reference links

https://cablehaunt.com/

https://github.com/Lyrebirds/cable-haunt-report/releases/download/2.5/report.pdf


【Copyright Notice】 This article is the original content of HUAWEI Security Center. When reprinting, you must indicate the source (HUAWEI Security Center), link and author of the article, otherwise you may be held liable.If you find any suspected infringing content on this website, please visit the Feedback page to report and provide relevant evidence. Once verified, we will immediately remove the allegedly infringing content.




BackTop
Comment


1 0
Like Disagree






View more
Fold

Related links Huawei | Contact Us Tel:Huawei Service-Hotline | About Us Privacy Data Protection Statement

Copyright ©Huawei Technologies Co., Ltd. 2008 - 2025. All rights reserved.