9.3
CVE-2019-19494
- EPSS 69.07%
- Veröffentlicht 09.01.2020 13:15:10
- Zuletzt bearbeitet 21.11.2024 04:34:50
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sagemcom ≫ F@st 3890 Firmware Version < 50.10.21_t4
Sagemcom ≫ F@st 3890 Firmware Version < 05.76.6.3f
Sagemcom ≫ F@st 3686 Firmware Version3.428.0
Sagemcom ≫ F@st 3686 Firmware Version4.83.0
Netgear ≫ Cg3700emr Firmware Version2.01.03
Netgear ≫ Cg3700emr Firmware Version2.01.05
Netgear ≫ C6250emr Firmware Version2.01.03
Netgear ≫ C6250emr Firmware Version2.01.05
Technicolor ≫ Tc7230 Steb Firmware Version01.25
Compal ≫ 7284e Firmware Version5.510.5.11
Compal ≫ 7486e Firmware Version5.510.5.11
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 69.07% | 0.986 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.