CVE-2019-19942
📋 TL;DR
This vulnerability allows remote attackers to perform DNS spoofing against Swisscom Centro Grande and Centro Business routers by sending crafted DHCP requests that carry malicious hostnames. Because the router does not sanitize this output, an attacker can manipulate DNS resolution for the web interface and potentially redirect users to malicious sites. Affected users are those running vulnerable Swisscom router models on firmware older than the fixed versions.
💻 Affected Systems
- Swisscom Centro Grande
- Swisscom Centro Business 1.0 (ADB)
- Swisscom Centro Business 2.0
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could redirect all web interface traffic to malicious sites, enabling credential theft, malware distribution, or man-in-the-middle attacks against router administration.
Likely Case
DNS spoofing leading to phishing attacks or redirection to malicious websites when users access the router's web interface.
If Mitigated
Limited impact with proper network segmentation and updated firmware, though some DNS manipulation risk remains.
🎯 Exploit Status
Exploitation requires network access to send DHCP requests but no authentication to the router.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Centro Grande 6.16.12+, Centro Business 1.0 7.10.18+, Centro Business 2.0 8.02.04+
Vendor Advisory: https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt
Restart Required: Yes
Instructions:
1. Access the router web interface.
2. Navigate to the firmware update section.
3. Download the latest firmware from Swisscom.
4. Apply the update.
5. Reboot the router.
🔧 Temporary Workarounds
Disable DHCP on vulnerable interfaces
Prevents exploitation by disabling DHCP server functionality on affected router interfaces.
Network segmentation
Isolate the router management interface from untrusted networks to prevent DHCP attacks.
🧯 If You Can't Patch
- Implement strict network access controls to limit DHCP requests to trusted sources only.
- Monitor DNS queries from router web interface for suspicious redirects or anomalies.
🔍 How to Verify
Check if Vulnerable:
Check the router firmware version via the web interface or SSH. Compare it against the patched versions listed under Official Fix; any older firmware on a listed model is vulnerable.
Check Version:
Check via router web interface or SSH: varies by model, typically in System Status or About sections.
Verify Fix Applied:
Confirm firmware version is equal to or higher than patched versions: Centro Grande ≥6.16.12, Centro Business 1.0 ≥7.10.18, Centro Business 2.0 ≥8.02.04.
📡 Detection & Monitoring
Log Indicators:
- Unusual DHCP requests with long or special character hostnames
- DNS resolution failures or unexpected redirects from router interface
Network Indicators:
- DHCP packets with crafted hostnames targeting router IP
- Suspicious DNS queries originating from router management interface
SIEM Query:
source="router_logs" AND ((event="dhcp_request" AND hostname CONTAINS special_characters) OR (event="dns_query" AND dest_ip NOT IN trusted_dns_servers))
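As an added example (not part of the advisory and not Swisscom's code), the following Python parser pulls the DHCP hostname option out of a raw DHCP message and flags the kind of overlong or special-character hostnames the log indicators above describe; the packet builder and hostnames are constructed test inputs.

```python
import re

# Minimal RFC 2131 DHCP option parser plus a hostname sanity check, written here
# as a defender-side illustration; the sample packets below are constructed,
# not captured from a Swisscom device.
DHCP_MAGIC = b"\x63\x82\x53\x63"          # option-field cookie after the 236-byte BOOTP header
OPT_HOSTNAME = 12                          # RFC 2132 option 12 "Host Name"
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")   # one RFC 1123 hostname label

def dhcp_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} parsed from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 0:                      # pad octet
            i += 1
            continue
        if code == 255 or i + 1 >= len(payload):   # end option, or truncated packet
            break
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def suspicious_hostname(payload: bytes, max_len: int = 63):
    """Reason string if option 12 looks crafted (too long or non-hostname bytes), else None."""
    raw = dhcp_options(payload).get(OPT_HOSTNAME)
    if raw is None:
        return None
    name = raw.decode("latin-1")          # never fails, so odd bytes are inspected, not dropped
    if len(name) > max_len:
        return f"hostname too long ({len(name)} bytes)"
    if not all(LABEL_RE.match(label) for label in name.split(".")):
        return f"hostname has characters outside the RFC 1123 set: {name!r}"
    return None

def build_discover(hostname: bytes) -> bytes:
    """Constructed DHCPDISCOVER carrying the given option-12 value (test input only)."""
    header = bytes([1, 1, 6, 0]) + b"\x00" * 232        # op=BOOTREQUEST, Ethernet, hlen=6, rest zeroed
    options = b"\x35\x01\x01" + bytes([OPT_HOSTNAME, len(hostname)]) + hostname + b"\xff"
    return header + DHCP_MAGIC + options

if __name__ == "__main__":
    for h in (b"laptop-01", b"host<b>evil</b>", b"a" * 80):
        print(h[:20], "->", suspicious_hostname(build_discover(h)))
```

The same check can be run over DHCP payloads from a packet capture on the router's LAN segment, which covers the DHCP side of the query above without depending on a particular SIEM syntax.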
🔗 References
- https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt
- https://www.swisscom.ch/en/residential/help/device/internet-router.html