Earlier this month, Lyrebirds, a security research group, discovered an exploit that likely affects hundreds of millions of cable modems worldwide. They have dubbed it “Cable Haunt”, AKA CVE-2019-19494.
If you’re successfully attacked, your attackers are given full remote access to your modem and all the traffic flowing through it. This could include intercepting private communication, redirecting traffic, and even telling the modem to ignore system updates.
So far, researchers have not found evidence of attackers using the exploit in the wild, but warn that it would be very easy to hide evidence of the attack. Because it’s still a relatively difficult exploit to take advantage of, Lyrebirds believes that the average consumer won’t be targeted by the exploit (until “easy-to-use” exploit kits are developed and gain popularity).
As of January 15, 2020, the Cable Haunt exploit has been found affecting cable modems made by Netgear, Arris, COMPAL, Technicolor, and more. The flaw originates in Broadcom reference software, which has appeared in fairly common firmware for many household cable modems used worldwide.
Models known to be affected include:
*some firmware versions of those models might not be at risk
This attack is unique in that the average consumer can’t update or fix their own modem (only their router). Because of that, there’s more pressure on internet service providers to roll out an update to address the problem. Many American ISPs have stated that they’re testing for the vulnerability now and working on plans to mitigate anything they find.
If you think your modem is affected and you’re worried about getting it resolved quickly, we recommend you reach out to your ISP directly to ask them about the status of the Cable Haunt fix.
If you’re tech-savvy and curious, this article has some steps you can take to learn if your specific device is affected, and Lyrebirds’ official page for Cable Haunt is being updated with much more in-depth information on the exploit as news surfaces.
Sources:
https://www.tomsguide.com/news/cable-haunt-modem-flaw
https://threatpost.com/cable-haunt-remote-code-execution/151756/