ID
VAR-201709-1240
TITLE
Arris Modems hard-coded backdoor vulnerability
Trust: 0.6
sources:
CNVD: CNVD-2017-24360
DESCRIPTION
Arris Modems is a modem produced by telecommunications equipment manufacturer Arris, a network access device customized for AT&T home users. Arris Modems has a hard-coded backdoor vulnerability. The modem enables SSH by default and allows Internet connections. Attackers use the built-in default account password "remotessh/5SaP9I26" to access, and can directly obtain ROOT permissions and perform arbitrary operations.
Trust: 0.6
sources:
CNVD: CNVD-2017-24360
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2017-24360
AFFECTED PRODUCTS
| vendor: | arris | model: | nvg589 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | arris | model: | nvg599 | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2017-24360
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2017-24360
PATCH
| title: | Patch for Arris Modems hard-coded backdoor vulnerability | url: | https://www.cnvd.org.cn/patchinfo/show/101382 | Trust: 0.6 |
sources:
CNVD: CNVD-2017-24360
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2017-24360 | Trust: 0.6 |
sources:
CNVD: CNVD-2017-24360
REFERENCES
| url: | https://www.bleepingcomputer.com/news/security/three-hardcoded-backdoor-accounts-discovered-in-arris-modems/ | Trust: 0.6 |
sources:
CNVD: CNVD-2017-24360
SOURCES
| db: | CNVD | id: | CNVD-2017-24360 |
LAST UPDATE DATE
2022-05-04T09:39:24.245000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-24360 | date: | 2020-03-10T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-24360 | date: | 2017-09-01T00:00:00 |