Sign-up

ID

VAR-201709-0218


CVE

CVE-2017-10793


TITLE

AT&T U-verse Information disclosure vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-007776

DESCRIPTION

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive information (such as the Wi-Fi password) by leveraging knowledge of a hardware identifier, related to the Bulk Data Collection (BDC) mechanism defined in Broadband Forum technical reports. AT&T U-verse Firmware contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ArrisNVG589 and NVG599 are router products of Arris Group of the United States. AT&TU-verse is the firmware used in it. A security vulnerability exists in the AT&TU-verse9.2.2h0d83 version of ArrisNVG589 and NVG599. A remote attacker can exploit this vulnerability to obtain sensitive information (for example, a Wi-Fi password). AT&T U-verse Arris Modems are prone to following security vulnerabilities: 1. 2. An information-disclosure vulnerability 3. A command injection vulnerability 4. Failed exploit attempts may result in a denial-of-service condition

Trust: 2.52

sources: NVD: CVE-2017-10793 // JVNDB: JVNDB-2017-007776 // CNVD: CNVD-2017-31556 // BID: 100585 // VULHUB: VHN-101151

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

category:['network device']sub_category:router

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-31556

AFFECTED PRODUCTS

vendor:attmodel:u-versescope:eqversion:9.2.2h0d83

Trust: 1.6

vendor:at tmodel:u-versescope:eqversion:9.2.2h0d83

Trust: 0.8

vendor:arrismodel:nvg589scope:eqversion:0

Trust: 0.6

vendor:arrismodel:nvg599scope:eqversion:0

Trust: 0.6

vendor:arrismodel:at&t u-verse 9.2.2h0d83scope: - version: -

Trust: 0.6

vendor:at tmodel:u-verse 9.2.2h0d83scope: - version: -

Trust: 0.3

vendor:at tmodel:arris nvg599scope:eqversion:0

Trust: 0.3

vendor:at tmodel:arris nvg589scope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-31556 // BID: 100585 // JVNDB: JVNDB-2017-007776 // CNNVD: CNNVD-201707-003 // NVD: CVE-2017-10793

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10793
value: HIGH

Trust: 1.0

NVD: CVE-2017-10793
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-31556
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201707-003
value: HIGH

Trust: 0.6

VULHUB: VHN-101151
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-10793
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-31556
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-101151
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10793
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-31556 // VULHUB: VHN-101151 // JVNDB: JVNDB-2017-007776 // CNNVD: CNNVD-201707-003 // NVD: CVE-2017-10793

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-101151 // JVNDB: JVNDB-2017-007776 // NVD: CVE-2017-10793

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-003

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201707-003

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-007776

PATCH
title:Top Pageurl:https://www.att.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-007776

EXTERNAL IDS
db:NVDid:CVE-2017-10793
Trust: 3.5
db:BIDid:100585
Trust: 2.6
db:JVNDBid:JVNDB-2017-007776
Trust: 0.8
db:CNNVDid:CNNVD-201707-003
Trust: 0.7
db:CNVDid:CNVD-2017-31556
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-101151
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2017-31556 // 
            
            
            
            VULHUB: VHN-101151 // 
            
            
            
            BID: 100585 // 
            
            
            
            JVNDB: JVNDB-2017-007776 // 
            
            
            
            CNNVD: CNNVD-201707-003 // 
            
            
            
            NVD: CVE-2017-10793

REFERENCES
url:https://www.nomotion.net/blog/sharknatto/
Trust: 2.8
url:https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/
Trust: 2.3
url:http://www.securityfocus.com/bid/100585
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10793
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-10793
Trust: 0.8
url:https://www.tenable.com/blog/hardcoded-credentials-expose-customers-of-att-u-verse
Trust: 0.3
url:https://www.att.com/
Trust: 0.3
url:https://www.tenable.com/plugins/index.php?view=single&id=102915
Trust: 0.3
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2017-31556 // 
            
            
            
            VULHUB: VHN-101151 // 
            
            
            
            BID: 100585 // 
            
            
            
            JVNDB: JVNDB-2017-007776 // 
            
            
            
            CNNVD: CNNVD-201707-003 // 
            
            
            
            NVD: CVE-2017-10793

CREDITS
Nomotion
Trust: 0.3
sources:
            
            
            BID: 100585

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2017-31556
db:VULHUBid:VHN-101151
db:BIDid:100585
db:JVNDBid:JVNDB-2017-007776
db:CNNVDid:CNNVD-201707-003
db:NVDid:CVE-2017-10793

LAST UPDATE DATE
2025-04-20T22:33:56.462000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-31556date:2017-10-26T00:00:00
db:VULHUBid:VHN-101151date:2017-09-13T00:00:00
db:BIDid:100585date:2017-08-31T00:00:00
db:JVNDBid:JVNDB-2017-007776date:2017-10-03T00:00:00
db:CNNVDid:CNNVD-201707-003date:2021-08-24T00:00:00
db:NVDid:CVE-2017-10793date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-31556date:2017-10-26T00:00:00
db:VULHUBid:VHN-101151date:2017-09-03T00:00:00
db:BIDid:100585date:2017-08-31T00:00:00
db:JVNDBid:JVNDB-2017-007776date:2017-10-03T00:00:00
db:CNNVDid:CNNVD-201707-003date:2017-07-03T00:00:00
db:NVDid:CVE-2017-10793date:2017-09-03T19:29:00.207