PT-2017-13259 · Arris · Arris Nvg589+1

Published

2017-09-03

Updated

2021-08-23

CVE-2017-14115

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Arris NVG589 and NVG599 devices version 9.2.2h0d83

Description The firmware configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password when IP Passthrough mode is not used. This allows remote attackers to access a "Terminal shell v1.0" service and obtain unrestricted root privileges by establishing an SSH session and entering certain shell metacharacters and BusyBox commands.

Recommendations For version 9.2.2h0d83, consider disabling the WAN SSH logins to the remotessh account until a patch is available. Restrict access to the SSH service to minimize the risk of exploitation. Avoid using the default password 5SaP9I26 for the remotessh account.

Exploit

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2017-14115

Affected Products

Arris Nvg589

Arris Nvg599

PT-2017-13259 · Arris · Arris Nvg589+1

CVE-2017-14115

Weakness Enumeration

Related Identifiers

Affected Products

References · 6