2 matches found
Command injection
An issue was discovered on Virgin Media Super Hub 3 based on ARRIS TG2492 devices. Because their SNMP commands have insufficient protection mechanisms, it is possible to use JavaScript and DNS rebinding to leak the WAN IP address of a user if they are using certain VPN implementations, this would...
CVE-2019-16651
CVE-2019-16651 concerns Virgin Media Super Hub 3 (ARRIS TG2492). The SNMP interface allegedly lacks sufficient protection, enabling exploitation via JavaScript and DNS rebinding to leak the user’s WAN IP address. This can reveal the user’s VPN usage and potentially de-anonymize traffic. The Conne...