PT-2017-13261 · Arris+1 · Arris Nvg589+2
Published 2017-09-03 · Updated 2017-09-13 · CVE-2017-14117
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Arris NVG589 and NVG599 devices with AT&T U-verse 9.2.2h0d83 firmware
Description
The issue concerns an unauthenticated proxy service configured on WAN TCP port 49152. This allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending specific values, including \x2a\xce\x01 followed by other predictable values.
Recommendations
For Arris NVG589 and NVG599 devices with AT&T U-verse 9.2.2h0d83 firmware, consider using IP Passthrough mode to mitigate the risk of exploitation. As a temporary workaround, restrict access to WAN TCP port 49152 until a patch is available.
Exploit
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
AT&T U-verse
Arris NVG589
Arris NVG599