AT&T U-verse Firmware Vulnerability: Unauthorized Remote Access and Root Privilege Escalation

AT&T U-verse Firmware Vulnerability: Unauthorized Remote Access and Root Privilege Escalation

CVE-2017-14115 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands.

Learn more about our Web Application Penetration Testing UK.