QwikSec

Security Database

CVE

CWE

Training

CVE-2019-19495

Published: Jan 8, 2020

Modified: Aug 5, 2024

PUBLISHED

Description

The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET server, allowing external access to a root shell.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://cablehaunt.com

x_refsource_MISC

https://github.com/Lyrebirds/Fast8690-exploit

x_refsource_MISC

https://github.com/Lyrebirds/Cable-Haunt-Report/releases/download/2.4/report.pdf

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.