Sign-up

ID

VAR-201709-0365


CVE

CVE-2017-14117


TITLE

AT&T U-verse Firmware authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-007774

DESCRIPTION

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values. AT&T U-verse There are authentication vulnerabilities in the firmware.Information may be tampered with. ArrisNVG589 and NVG599 are router products of Arris Group of the United States. AT&TU-verse is the firmware used in it. A security vulnerability exists in the AT&TU-verse9.2.2h0d83 version of ArrisNVG589 and NVG599. A remote attacker can exploit this vulnerability to establish an arbitrary TCP connection with an internal host. AT&T U-verse Arris Modems are prone to following security vulnerabilities: 1. 2. An information-disclosure vulnerability 3. A command injection vulnerability 4. A security-bypass vulnerability Attackers can exploit these issues to obtain sensitive information, execute arbitrary code and perform unauthorized actions., which may aid in further attacks. Failed exploit attempts may result in a denial-of-service condition

Trust: 2.52

sources: NVD: CVE-2017-14117 // JVNDB: JVNDB-2017-007774 // CNVD: CNVD-2017-31552 // BID: 100585 // VULHUB: VHN-104807

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-31552

AFFECTED PRODUCTS

vendor:attmodel:u-versescope:eqversion:9.2.2h0d83

Trust: 1.6

vendor:at tmodel:u-versescope:eqversion:9.2.2h0d83

Trust: 0.8

vendor:arrismodel:nvg589scope:eqversion:0

Trust: 0.6

vendor:arrismodel:nvg599scope:eqversion:0

Trust: 0.6

vendor:arrismodel:at&t u-verse 9.2.2h0d83scope: - version: -

Trust: 0.6

vendor:at tmodel:u-verse 9.2.2h0d83scope: - version: -

Trust: 0.3

vendor:at tmodel:arris nvg599scope:eqversion:0

Trust: 0.3

vendor:at tmodel:arris nvg589scope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-31552 // BID: 100585 // JVNDB: JVNDB-2017-007774 // CNNVD: CNNVD-201709-039 // NVD: CVE-2017-14117

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14117
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-14117
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-31552
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201709-039
value: MEDIUM

Trust: 0.6

VULHUB: VHN-104807
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-14117
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-31552
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-104807
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14117
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-31552 // VULHUB: VHN-104807 // JVNDB: JVNDB-2017-007774 // CNNVD: CNNVD-201709-039 // NVD: CVE-2017-14117

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-104807 // JVNDB: JVNDB-2017-007774 // NVD: CVE-2017-14117

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-039

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201709-039

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-007774

PATCH
title:Top Pageurl:https://www.att.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-007774

EXTERNAL IDS
db:NVDid:CVE-2017-14117
Trust: 3.4
db:BIDid:100585
Trust: 2.0
db:JVNDBid:JVNDB-2017-007774
Trust: 0.8
db:CNNVDid:CNNVD-201709-039
Trust: 0.7
db:CNVDid:CNVD-2017-31552
Trust: 0.6
db:VULHUBid:VHN-104807
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-31552 // 
            
            
            
            VULHUB: VHN-104807 // 
            
            
            
            BID: 100585 // 
            
            
            
            JVNDB: JVNDB-2017-007774 // 
            
            
            
            CNNVD: CNNVD-201709-039 // 
            
            
            
            NVD: CVE-2017-14117

REFERENCES
url:https://www.nomotion.net/blog/sharknatto/
Trust: 3.4
url:https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/
Trust: 2.3
url:http://www.securityfocus.com/bid/100585
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14117
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-14117
Trust: 0.8
url:https://www.tenable.com/blog/hardcoded-credentials-expose-customers-of-att-u-verse
Trust: 0.3
url:https://www.att.com/
Trust: 0.3
url:https://www.tenable.com/plugins/index.php?view=single&id=102915
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-31552 // 
            
            
            
            VULHUB: VHN-104807 // 
            
            
            
            BID: 100585 // 
            
            
            
            JVNDB: JVNDB-2017-007774 // 
            
            
            
            CNNVD: CNNVD-201709-039 // 
            
            
            
            NVD: CVE-2017-14117

CREDITS
Nomotion
Trust: 0.3
sources:
            
            
            BID: 100585

SOURCES
db:CNVDid:CNVD-2017-31552
db:VULHUBid:VHN-104807
db:BIDid:100585
db:JVNDBid:JVNDB-2017-007774
db:CNNVDid:CNNVD-201709-039
db:NVDid:CVE-2017-14117

LAST UPDATE DATE
2025-04-20T23:02:03.367000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-31552date:2017-10-26T00:00:00
db:VULHUBid:VHN-104807date:2017-09-13T00:00:00
db:BIDid:100585date:2017-08-31T00:00:00
db:JVNDBid:JVNDB-2017-007774date:2017-10-03T00:00:00
db:CNNVDid:CNNVD-201709-039date:2017-09-05T00:00:00
db:NVDid:CVE-2017-14117date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-31552date:2017-10-26T00:00:00
db:VULHUBid:VHN-104807date:2017-09-03T00:00:00
db:BIDid:100585date:2017-08-31T00:00:00
db:JVNDBid:JVNDB-2017-007774date:2017-10-03T00:00:00
db:CNNVDid:CNNVD-201709-039date:2017-09-05T00:00:00
db:NVDid:CVE-2017-14117date:2017-09-03T19:29:00.330