PT-2017-11508 · Arris+1 · Arris Nvg589+2

Joseph Hutchins +1 · Published 2017-09-03 · Updated 2021-08-23 · CVE-2017-10793

CVSS v3.1: 8.1 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

AT&T U-verse firmware version 9.2.2h0d83 for Arris NVG589 and NVG599 devices

Description

The issue concerns the configuration of an sbdc.ha WAN TCP service on port 61001 with a specific account and password, allowing remote attackers to obtain sensitive information, such as the Wi-Fi password, by leveraging knowledge of a hardware identifier. This is related to the Bulk Data Collection (BDC) mechanism.

Recommendations

For AT&T U-verse firmware version 9.2.2h0d83, consider disabling the sbdc.ha WAN TCP service on port 61001 as a temporary workaround until a patch is available. Restrict access to the bdctest account to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2017-10793

Affected Products

AT&T U-verse
Arris NVG589
Arris NVG599