Security researchers are warning of a new critical vulnerability affecting multiple cable modem manufacturers that use Broadcom chips — exposing hundreds of millions of users to remote attacks. Discovered by three researchers from security consultancy Lyrebirds and an independent, the so-called “Cable Haunt” bug (CVE-2019-19494) is described as a buffer overflow, “which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim’s browser.” Specifically, the flaw is found in Broadcom chip’s spectrum analyzer component, which is designed to identify problems with the modem cable connection.
Read full article on Infosecurity