CVE-2017-14117

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values.
References
Link Resource
http://www.securityfocus.com/bid/100585 Third Party Advisory VDB Entry
https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/ Third Party Advisory
https://www.nomotion.net/blog/sharknatto/ Exploit Mitigation Technical Description Third Party Advisory
http://www.securityfocus.com/bid/100585 Third Party Advisory VDB Entry
https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/ Third Party Advisory
https://www.nomotion.net/blog/sharknatto/ Exploit Mitigation Technical Description Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:att:u-verse_firmware:9.2.2h0d83:*:*:*:*:*:*:*
OR cpe:2.3:h:commscope:arris_nvg589:-:*:*:*:*:*:*:*
cpe:2.3:h:commscope:arris_nvg599:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:12

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/100585 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/100585 - Third Party Advisory, VDB Entry
References () https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/ - Third Party Advisory () https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/ - Third Party Advisory
References () https://www.nomotion.net/blog/sharknatto/ - Exploit, Mitigation, Technical Description, Third Party Advisory () https://www.nomotion.net/blog/sharknatto/ - Exploit, Mitigation, Technical Description, Third Party Advisory

Information

Published : 2017-09-03 19:29

Updated : 2024-11-21 03:12


NVD link : CVE-2017-14117

Mitre link : CVE-2017-14117

CVE.ORG link : CVE-2017-14117


JSON object : View

Products Affected

commscope

  • arris_nvg599
  • arris_nvg589

att

  • u-verse_firmware
CWE
CWE-287

Improper Authentication