Orlando Padilla

**Name of the Vulnerable Software and Affected Versions** AT&T U-verse firmware version 9.2.2h0d83 for Arris NVG589 and NVG599 devices **Description** The issue concerns the configuration of an sbdc.ha WAN TCP service on port 61001 with a specific account and password, allowing remote attackers to obtain sensitive information, such as the Wi-Fi password, by leveraging knowledge of a hardware identifier. This is related to the Bulk Data Collection (BDC) mechanism. **Recommendations** For AT&T U-verse firmware version 9.2.2h0d83, consider disabling the sbdc.ha WAN TCP service on port 61001 as a temporary workaround until a patch is available. Restrict access to the bdctest account to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CA Software Delivery versions r11.2 C1 through r11.2 SP4 Unicenter Software Delivery version 4.0 C3 CA Advantage Data Transport version 3.0 C1 CA IT Client Manager version r12 **Description** The issue is a stack-based buffer overflow in the dtscore library, specifically in a token searching function within Data Transport Services. This allows remote attackers to execute arbitrary code via crafted data. **Recommendations** For CA Software Delivery versions r11.2 C1 through r11.2 SP4, update to a version that includes a fix for the buffer overflow issue in the dtscore library. For Unicenter Software Delivery version 4.0 C3, update to a version that includes a fix for the buffer overflow issue in the dtscore library. For CA Advantage Data Transport version 3.0 C1, update to a version that includes a fix for the buffer overflow issue in the dtscore library. For CA IT Client Manager version r12, update to a version that includes a fix for the buffer overflow issue in the dtscore library.