The vulnerability enables remote attackers to execute arbitrary code on your modem, indirectly through an endpoint on the modem. Your cable modem is in charge of the internet traffic for all devices on the network. Source: Cable Haunt Report. They’ve reproduced the attack on ten cable modems from Sagemcom, Netgear, Technicolor and COMPAL, but other manufacturers also likely use the Broadcom chip containing the vulnerability. If 80% of your customers need cable in order to achieve acceptable performance, and 20% of your customers will be better off with DSL but cable still works fine, the ISP is just going to ship 100% cable. Ars Technica reports on the "Cable Haunt" vulnerability that afflicts a large number of cable modems. Sagemcom F@st 3890 Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a … "The first and most straightforward way is to serve malicious JavaScript that causes the browser to connect to the modem." This can be via a number of methods and is outside the scope of this document for now. The vulnerability enables remote attackers to gain complete control of a cable modem, through an endpoint on the modem. Cable Haunt is the code name assigned to represent two separate vulnerabilities that impact many of the cable modems in use around the world in 2020. The following modems have been confirmed to be vulnerable to “Cable Haunt”, although more are bound to be added onto the list soon. Hundreds of millions of cable modems are vulnerable to new Cable Haunt vulnerability. These vulnerabilities allow an attacker to obtain external access to a cable modem and perform any number of activities intended to modify the operation of, or monitor the data passing through, a cable modem.
The vulnerability, dubbed Cable Haunt and tracked as CVE-2019-19494, was identified by researchers from Lyrebirds and an independent expert. Cable modems using Broadcom chips are vulnerable to a new vulnerability named Cable Haunt, researchers say. What is Cable Haunt? Cable Haunt is a critical vulnerability found in cable modems from various manufacturers across the world. Economy of scale meant that cable won out over DSL. Contribute to Lyrebirds/cable-haunt-vulnerability-test development by creating an account on GitHub. So ISPs put more effort into cable. Cable Haunt is exploited by first gaining access to a local network device like a computer, though it could be any device on the LAN. The researchers have even developed proof-of-concept code, so the first question that comes into everyone’s mind is “am I affected?”.