PT-2017-13261 · Arris +1 · Arris NVG589 +2

Published: 2017-09-03 · Updated: 2017-09-13 · CVE-2017-14117

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Arris NVG589 and NVG599 devices with AT&T U-verse 9.2.2h0d83 firmware

Description

The issue concerns an unauthenticated proxy service configured on WAN TCP port 49152. This allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending specific values, including \x2a\xce\x01 followed by other predictable values.

Recommendations

For Arris NVG589 and NVG599 devices with AT&T U-verse 9.2.2h0d83 firmware, consider using IP Passthrough mode to mitigate the risk of exploitation. As a temporary workaround, restrict access to WAN TCP port 49152 until a patch is available.

Exploit

Fix

Weakness Enumeration

Improper Authentication

Related identifiers

CVE-2017-14117

Affected products

AT&T U-verse
Arris NVG589
Arris NVG599