CVE-2017-14117
MEDIUM
AT&T U-verse Firmware 9.2.2h0d83 - Unauthenticated Intranet Proxy Access via WAN Port 49152
Title source: manual
Description
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values.
References (3)
Core References
Third Party Advisory x_refsource_misc
https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100585
Exploit, Mitigation, Technical Description, Third Party Advisory x_refsource_misc
https://www.nomotion.net/blog/sharknatto/
Scores
CVSS v3
5.9
EPSS
0.0802
EPSS Percentile
94.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-287
Status
published
Products (1)
att/u-verse_firmware
9.2.2h0d83
Published
Sep 03, 2017
Tracked Since
Feb 18, 2026