CVE-2019-19494

Severity: HIGH | CVSS 8.8/10 | EPSS 22.92%

CVE-2019-19494 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11. EPSS estimates a 22.92% chance of exploitation in the next 30 days.

Description

Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.

Metrics

CVSS 3.1: 8.8/10
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability: 22.92% (97.5th percentile)
Probability of exploitation in the next 30 days.

Affected Software

Vendor      | Product                 | Versions
Sagemcom    | F@st 3890 Firmware      | < 50.10.21_T4
Sagemcom    | F@st 3890 Firmware      | < 05.76.6.3f
Sagemcom    | F@st 3686 Firmware      | 3.428.0
Sagemcom    | F@st 3686 Firmware      | 4.83.0
Netgear     | CG3700EMR Firmware      | 2.01.03
Netgear     | CG3700EMR Firmware      | 2.01.05
Netgear     | C6250EMR Firmware       | 2.01.03
Netgear     | C6250EMR Firmware       | 2.01.05
Technicolor | TC7230 STEB Firmware    | 01.25
Compal      | 7284E Firmware          | 5.510.5.11
Compal      | 7486E Firmware          | 5.510.5.11

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2019-19494?
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.
How severe is CVE-2019-19494?
CVE-2019-19494 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 22.92% probability of exploitation in the next 30 days.
How do I fix CVE-2019-19494?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST