11 matches found
EUVD-2017-2438
Malware in sbrugna...
EUVD-2017-5627
Malware in sbrugna...
Arris NVG589 and NVG599 AT&T U-verse Command Injection Vulnerabilities
The Arris NVG589 and NVG599 are both router products from the Arris Group of Companies in the U.S. The AT&T U-verse is the firmware used in... A security vulnerability exists in the AT&T U-verse version 9.2.2h0d83 in the Arris NVG589 and NVG599. A remote attacker can exploit the vulnerability by...
Arris NVG589 and NVG599 AT&T U-verse Authentication Vulnerabilities
The Arris NVG589 and NVG599 are both router products from the Arris Group of Companies in the U.S. The AT&T U-verse is the firmware used in... A security vulnerability exists in the AT&T U-verse version 9.2.2h0d83 in the Arris NVG589 and NVG599. A remote attacker could exploit this vulnerability ...
Arris NVG589 and NVG599 AT&T U-verse Information Disclosure Vulnerabilities
The Arris NVG589 and NVG599 are both router products from the Arris Group of Companies in the U.S. The AT&T U-verse is the firmware used in... A security vulnerability exists in the AT&T U-verse version 9.2.2h0d83 in the Arris NVG589 and NVG599. A remote attacker could exploit the vulnerability t...
Design/Logic Flaw
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive...
CVE-2017-14117
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01...
Code injection
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01...
CVE-2017-14117
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01...
CVE-2017-10793
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive...
CVE-2017-14115
The CVE-2017-14115 entry concerns AT&T U-verse firmware 9.2.2h0d83 on Arris NVG589/NVG599. The flaw arises when IP Passthrough is not used, configuring ssh-permanent-enable WAN SSH logins for the remotessh account with password 5SaP9I26. An attacker establishing an SSH session can trigger a Termi...