8.1

CVE-2017-10793

Exploit

EPSS 1.39%
Published 03.09.2017 19:29:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive information (such as the Wi-Fi password) by leveraging knowledge of a hardware identifier, related to the Bulk Data Collection (BDC) mechanism defined in Broadband Forum technical reports.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Att ≫ U-verse Firmware Version9.2.2h0d83

Commscope ≫ Arris Nvg589 Version-
Commscope ≫ Arris Nvg599 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.39%	0.785

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/bid/100585

Third Party Advisory

VDB Entry

https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/

Third Party Advisory

https://www.nomotion.net/blog/sharknatto/

Third Party Advisory

Exploit

Mitigation

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2017-10793

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-10793

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-10793

EUVD