CVE-2017-14116

Name of the Vulnerable Software and Affected Versions Arris NVG599 device with AT&T U-verse 9.2.2h0d83 firmware

Description The issue allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software. This is possible because the device configures WAN access to a caserver https service with the tech account and an empty password when IP Passthrough mode is not used.

Recommendations For Arris NVG599 device with AT&T U-verse 9.2.2h0d83 firmware, consider disabling access to port 49955 as a temporary workaround until a patch is available. Restrict access to the caserver https service to minimize the risk of exploitation. Avoid using an empty password for the tech account in the caserver configuration until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.