HOMEVULNERABILITIESCVE-2019-19494
HIGH

CVE-2019-19494

CWE-120Published: January 9, 2020· Updated: Jun 17, 2026

8.8
CVSS v3.1

Official Description

Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.

NVD Source

Technical Analysis

CVE-2019-19494 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

Exploitation does not require any privileges, though user interaction (Required) is needed, which slightly reduces the risk of mass automated attacks.

A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 8.8.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorNetwork
Attack ComplexityLow
Privileges Req.None
User InteractionRequired
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Vendors & Products

compal4 product(s)
7284e firmware7284e7486e firmware7486e
netgear4 product(s)
cg3700emr firmwarecg3700emrc6250emr firmwarec6250emr
sagemcom4 product(s)
f\@st 3890 firmwaref\@st 3890f\@st 3686 firmwaref\@st 3686
technicolor2 product(s)
tc7230 steb firmwaretc7230 steb
Source: NVD CPE · 17 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (8)

https://cablehaunt.comExploit · Technical Description · Third Party Advisory
https://github.com/Lyrebirds/Fast8690-exploitExploit · Third Party Advisory
https://cablehaunt.comExploit · Technical Description · Third Party Advisory
https://github.com/Lyrebirds/Fast8690-exploitExploit · Third Party Advisory

Quick Facts

CVE IDCVE-2019-19494
CVSS Score8.8 / 10
SeverityHIGH
WeaknessCWE-120
CISA KEVNo
Affected4 vendor(s)
PublishedJan 9, 2020

Related CVEs (CWE-120)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2019-19494 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.