The vulnerability, dubbed Cable Haunt and tracked as CVE-2019-19494, was identified by researchers from Lyrebirds and an independent expert. They’ve reproduced the attack on ten cable modems from Sagemcom, Netgear, Technicolor and COMPAL, but other manufacturers also likely use the Broadcom chip containing the vulnerability.
The researchers estimate that 200 million modems were initially affected by this vulnerability in Europe alone. However, over the past year they have been notifying affected ISPs — cable modems are typically provided to internet users by ISPs — and four companies in Denmark and Norway have reported patching their devices after being notified.
