“Cable Haunt” Vulnerability Exposes 200 Million Cable Modems to MITM Attacks

A security vulnerability named “Cable Haunt” in Broadcom’s cable modem exposed around 200 million home broadband gateways in Europe to remote hijacking attacks.

The flaw, tracked as CVE-2019-19494, was discovered by four Danish researchers: Alexander Dalsgaard Krog, Jens Hegner Staermose, and Kasper Kohsel Terndrup from security company Lyrebirds, along with independent researcher Simon Vandel Sillesen. Malicious actors could exploit CVE-2019-19494 by tricking a victim into opening a specially crafted web page that contains malicious JavaScript code.

According to the researchers, “Cable Haunt is a critical vulnerability found in cable modems from various manufacturers across the world. The vulnerability enables remote attackers to execute arbitrary code on your modem, indirectly through an endpoint on the modem. Your cable modem is in charge of the internet traffic for all devices on the network. Cable Haunt might therefore be exploited to intercept private messages, redirect traffic, or participation in botnets.”

Cable Haunt affects a standard hardware and software component of Broadcom chips known as the spectrum analyzer, which protects the cable modem from signal surges.

The researchers further added, “The exploitation will be performed in two steps. First, access to the vulnerable endpoint is gained through a browser. Second, the vulnerable endpoint is hit with a buffer overflow attack that gives the attacker control to the modem.”

Attackers can also perform a range of malicious activities, including:

  • Change default DNS server
  • Launch remote man-in-the-middle attacks (MITM attacks)
  • Hot-swap code or even the entire firmware
  • Upload, flash and upgrade firmware silently
  • Disable ISP firmware upgrade
  • Change every config file and settings
  • Get and Set SNMP OID values
  • Change all associated MAC addresses
  • Change serial numbers
  • Turn devices into bots for botnet attacks