8.1

CVE-2017-10793

Exploit

EPSS 1.39%
Veröffentlicht 03.09.2017 19:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive information (such as the Wi-Fi password) by leveraging knowledge of a hardware identifier, related to the Bulk Data Collection (BDC) mechanism defined in Broadband Forum technical reports.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Att ≫ U-verse Firmware Version9.2.2h0d83

Commscope ≫ Arris Nvg589 Version-
Commscope ≫ Arris Nvg599 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.39%	0.785

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/bid/100585

Third Party Advisory

VDB Entry

https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/

Third Party Advisory

https://www.nomotion.net/blog/sharknatto/

Third Party Advisory

Exploit

Mitigation

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2017-10793

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-10793

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-10793

EUVD