@mcochris 

The CVE is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19494 It is possible that our products are subseptiable as we do user broadcom chips but we have not heard anything officially yet.  We will send this to our Engineering team to test locally.  The issue with Cable product updates is that they are regulated by CMTS.  This means updates are only able to be pushed by the ISP and only after they have tested individually and approved the update.  Beyond that there is no way to update a cable product.  If we do find that our chipsets are affected we would push firmware updates to the various ISPs to review and then push as an OTA update.  

@Carl 

Thanks Carl. I can confirm that my TC 7610 is vulnerable to this exploit. I used the javascript procedure listed at the Cable Haunt website. I was able to reboot the modem via the Google Chrome developer interface.

Model: TC 7610

Hardware version: 1.1

Software version: v1.1.0 Build 20160920 Rel371550

@mcochris 

I'll add that to our email to the engineers.  Once they test it and can confrim we will have a better answer as to when to expect a resolution,  I'm sure the chip maker broadcom is also working for a resolution.  I'll update the thread when we know more.

@Carl does the TC-7620 use a Broadcom chip? I was not able to reproduce the vulnerability on my TC-7620, but that could just be because the test script isn't designed for that modem.

Thanks,

Josh

@Josh12345 

Hi Josh, yes i was able to confrim that our cable devices are all based on broadcom chipsets.

@Carl thanks for the quick response! I'll keep watching this thread for news about the resolution.

Josh

@Carl do you have any updates about this? Where can I get the latest firmware for my TC-7602? I am currently running v1.0.0 Build 20160503 Rel574150

Thanks,

Josh