“Cable Haunt” Exploit: what you need to know, and steps to protect yourself.


What is “Cable Haunt”?

Earlier this month, Lyrebirds, a security research group discovered an exploit which likely affects hundreds of millions of cable modems worldwide. They have dubbed it “Cable Haunt”, AKA CVE-2019-19494.

If you’re successfully attacked, your attackers are given full remote access to your modem and all the traffic flowing through it. This could include intercepting private communication, redirecting traffic, and even tell the modem to ignore system updates.


Who is affected?

So far, researchers have not found evidence of attackers using the exploit in the wild, but warn that it would be very easy to hide evidence of the attack. Because it’s still a relatively difficult exploit to take advantage of, Lyrebirds believes that the average consumer won’t be targeted by the exploit (until “easy-to-use” exploit kits are developed and gain popularity).

As of January 15, 2020, the Cable Haunt exploit has been found affecting cable modems made by Netgear, Arris, COMPAL, Technicolor, and more. The flaw originates in Broadcom reference software, which has appeared in fairly common firmware for many household cable modems used worldwide. 

Models known to be affected include:

  • Arris Surfboard CM8200A
  • Arris Surfboard SB6183 
  • Arris Surfboard SB8200
  • COMPAL 7284E 
  • COMPAL 7486E
  • Humax HGB10R-02 
  • Netgear C6250EMR
  • Netgear CG3700EMR 
  • Netgear CM1000 
  • Sagemcom F@st 3686
  • Sagemcom F@st 3890
  • Technicolor TC4400
  • Technicolor TC7230 
  • Technicolor TC7300

*some firmware versions of those models might not be at risk


What steps should I take?

This attack is unique in that the average consumer doesn’t have access to update or fix their own modems (only routers). Due to that issue, there’s more pressure on internet service providers to roll out an update to address the problem. Many American ISPs have stated that they’re testing for the vulnerability now, and working on plans to mitigate anything they find. 

If you think your modem is affected and you’re worried about getting it resolved quickly we recommend you reach out to your ISP directly to ask them about the status of the Cable Haunt fix.

If you’re tech-savvy and curious, this article has some steps you can take to learn if your specific device is affected, and Lyrebirds’ official page for Cable Haunt is being updated with much more in-depth information on the exploit as news comes to surface.