Details of VAR-201709-0364

ID

VAR-201709-0364

CVE

CVE-2017-14116

TITLE

AT&T U-verse Vulnerability in using hardcoded credentials in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-007775

DESCRIPTION

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with "nc -l" support. AT&T U-verse The firmware contains a vulnerability involving the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. AT&T U-verse Arris Modems are prone to following security vulnerabilities: 1. An Hardcoded Credential Security Bypass vulnerability. 2. An information-disclosure vulnerability 3. A command injection vulnerability 4. A security-bypass vulnerability Attackers can exploit these issues to obtain sensitive information, execute arbitrary code and perform unauthorized actions., which may aid in further attacks. Failed exploit attempts may result in a denial-of-service condition. Arris NVG599 is a router product of American Arris Group Company. AT&T U-verse is the firmware used in it

Trust: 1.98

sources: NVD: CVE-2017-14116 // JVNDB: JVNDB-2017-007775 // BID: 100585 // VULHUB: VHN-104806

AFFECTED PRODUCTS

vendor:	att	model:	u-verse	scope:	eq	version:	9.2.2h0d83	Trust: 1.6
vendor:	at t	model:	u-verse	scope:	eq	version:	9.2.2h0d83	Trust: 0.8
vendor:	at t	model:	u-verse 9.2.2h0d83	scope:	-	version:	-	Trust: 0.3
vendor:	at t	model:	arris nvg599	scope:	eq	version:	0	Trust: 0.3
vendor:	at t	model:	arris nvg589	scope:	eq	version:	0	Trust: 0.3

sources: BID: 100585 // JVNDB: JVNDB-2017-007775 // CNNVD: CNNVD-201709-038 // NVD: CVE-2017-14116

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-14116
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-14116
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201709-038
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-104806
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-14116
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-104806
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-14116
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-104806 // JVNDB: JVNDB-2017-007775 // CNNVD: CNNVD-201709-038 // NVD: CVE-2017-14116

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.9

sources: VULHUB: VHN-104806 // JVNDB: JVNDB-2017-007775 // NVD: CVE-2017-14116

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-038

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201709-038

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007775

PATCH

title:

Top Page

url:

https://www.att.com/

Trust: 0.8

sources: JVNDB: JVNDB-2017-007775

EXTERNAL IDS

db:	NVD	id:	CVE-2017-14116	Trust: 2.8
db:	BID	id:	100585	Trust: 1.4
db:	JVNDB	id:	JVNDB-2017-007775	Trust: 0.8
db:	CNNVD	id:	CNNVD-201709-038	Trust: 0.7
db:	VULHUB	id:	VHN-104806	Trust: 0.1

sources: VULHUB: VHN-104806 // BID: 100585 // JVNDB: JVNDB-2017-007775 // CNNVD: CNNVD-201709-038 // NVD: CVE-2017-14116

REFERENCES

url:	https://www.nomotion.net/blog/sharknatto/	Trust: 2.8
url:	https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/	Trust: 1.7
url:	http://www.securityfocus.com/bid/100585	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14116	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-14116	Trust: 0.8
url:	https://www.tenable.com/blog/hardcoded-credentials-expose-customers-of-att-u-verse	Trust: 0.3
url:	https://www.att.com/	Trust: 0.3
url:	https://www.tenable.com/plugins/index.php?view=single&id=102915	Trust: 0.3

sources: VULHUB: VHN-104806 // BID: 100585 // JVNDB: JVNDB-2017-007775 // CNNVD: CNNVD-201709-038 // NVD: CVE-2017-14116

CREDITS

Nomotion

Trust: 0.3

sources: BID: 100585

SOURCES

db:	VULHUB	id:	VHN-104806
db:	BID	id:	100585
db:	JVNDB	id:	JVNDB-2017-007775
db:	CNNVD	id:	CNNVD-201709-038
db:	NVD	id:	CVE-2017-14116

LAST UPDATE DATE

2025-04-20T20:32:44.953000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-104806	date:	2017-09-13T00:00:00
db:	BID	id:	100585	date:	2017-08-31T00:00:00
db:	JVNDB	id:	JVNDB-2017-007775	date:	2017-10-03T00:00:00
db:	CNNVD	id:	CNNVD-201709-038	date:	2017-09-05T00:00:00
db:	NVD	id:	CVE-2017-14116	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-104806	date:	2017-09-03T00:00:00
db:	BID	id:	100585	date:	2017-08-31T00:00:00
db:	JVNDB	id:	JVNDB-2017-007775	date:	2017-10-03T00:00:00
db:	CNNVD	id:	CNNVD-201709-038	date:	2017-09-05T00:00:00
db:	NVD	id:	CVE-2017-14116	date:	2017-09-03T19:29:00.300