CVE-2017-10793

Summary

CVE	CVE-2017-10793
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-09-03 19:29:00 UTC
Updated	2021-08-23 17:24:00 UTC
Description	The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive information (such as the Wi-Fi password) by leveraging knowledge of a hardware identifier, related to the Bulk Data Collection (BDC) mechanism defined in Broadband Forum technical reports.

Risk And Classification

Problem Types: CWE-200

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Arris	Nvg589	-	All	All	All
Hardware	Arris	Nvg589	-	All	All	All
Hardware	Arris	Nvg599	-	All	All	All
Hardware	Arris	Nvg599	-	All	All	All
Operating System	Att	U-verse Firmware	9.2.2h0d83	All	All	All
Operating System	Att	U-verse Firmware	9.2.2h0d83	All	All	All
Hardware	Commscope	Arris Nvg589	-	All	All	All
Hardware	Commscope	Arris Nvg599	-	All	All	All

References

Reference	Source	Link	Tags
AT&T U-verse Arris Modems Multiple Security Vulnerabilities	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
SharknAT&To - Nomotion Blog	MISC	www.nomotion.net	Exploit, Mitigation, Technical Description, Third Party Advisory
Bugs in Arris Modems Distributed by AT&T Vulnerable to Trivial Attacks \| Threatpost \| The first stop for security news	MISC	threatpost.com	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.