New Cable Haunt critical cable modem vulnerability
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
There's a new cable modem vulnerability called Cable Haunt that enables local and remote attackers to execute abitrary code on your cable modem. Through malicious communication with the modem, a buffer overflow can be exploited to gain control of the modem.
For full details see https://cablehaunt.com/
My TC-7610 is vulnerable to this attack.
Question for tp-link - is the TC-7620 vulnerable to the Cable Haunt attack? Any plans to update the hw/fw to fix?
Thanks
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
The CVE is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19494 It is possible that our products are subseptiable as we do user broadcom chips but we have not heard anything officially yet. We will send this to our Engineering team to test locally. The issue with Cable product updates is that they are regulated by CMTS. This means updates are only able to be pushed by the ISP and only after they have tested individually and approved the update. Beyond that there is no way to update a cable product. If we do find that our chipsets are affected we would push firmware updates to the various ISPs to review and then push as an OTA update.
- Copy Link
- Report Inappropriate Content
Thanks Carl. I can confirm that my TC 7610 is vulnerable to this exploit. I used the javascript procedure listed at the Cable Haunt website. I was able to reboot the modem via the Google Chrome developer interface.
Model: TC 7610
Hardware version: 1.1
Software version: v1.1.0 Build 20160920 Rel371550
- Copy Link
- Report Inappropriate Content
I'll add that to our email to the engineers. Once they test it and can confrim we will have a better answer as to when to expect a resolution, I'm sure the chip maker broadcom is also working for a resolution. I'll update the thread when we know more.
- Copy Link
- Report Inappropriate Content
@Carl does the TC-7620 use a Broadcom chip? I was not able to reproduce the vulnerability on my TC-7620, but that could just be because the test script isn't designed for that modem.
Thanks,
Josh
- Copy Link
- Report Inappropriate Content
Hi Josh, yes i was able to confrim that our cable devices are all based on broadcom chipsets.
- Copy Link
- Report Inappropriate Content
@Carl thanks for the quick response! I'll keep watching this thread for news about the resolution.
Josh
- Copy Link
- Report Inappropriate Content
@Carl do you have any updates about this? Where can I get the latest firmware for my TC-7602? I am currently running v1.0.0 Build 20160503 Rel574150
Thanks,
Josh
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1236
Replies: 7
Voters 0
No one has voted for it yet.