Hundreds of millions of Broadcom-based cable modems at risk of remote hijacking,

[White Stripes]

Hundreds of millions of Broadcom-based cable modems at risk of remote hijacking, eggheads fear

https://www.theregister.co.uk/2020/01/10/broadcom_cable_haunt_vulnerability/
https://cablehaunt.com/

A vulnerability in Broadcom's cable modem firmware has left as many as 200 million home broadband gateways in Europe, and potentially more worldwide, at risk of remote hijackings.

Four Danish researchers have demonstrated how a miscreant could exploit the hole, CVE-2019-19494, the wild: essentially, a victim is tricked into opening a webpage or similar containing malicious JavaScript. This code subsequently connects to the web server built into the vulnerable modem on the local network. The script then alters the contents of the modem's processor registers, by overwriting the stack, to redirect execution to malware smuggled in with the request.

[GhostShip]

This seems a bit of a problematic method of gaining control, given the numbers involved its likely that a large number of folks could be duped into undertaking some of the actions necessary to hijack their router but overall the method is not ever going to reach anything like saturation levels as it involves so many favourable conditions to acheive success.

I could give out the old advice regarding checking for and deploying the latest firmware updates etc but I suspect in many cases such an update has not yet been released and so I fell the better advice is to steer clear of dodgy pop-ups dodgy web sites (avoid those without HTTPS) and give up using that crapware called email