#VU8050 SSH backdoor in NVG599 and NVG589

 


Published: August 31, 2017 / Updated: August 31, 2017


Vulnerability identifier: #VU8050
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-798
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
NVG599
NVG589
Software vendor:
Arris

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target device.

The weakness exists due to the use of hardcoded credentials. A remote attacker can use the default "remotessh/5SaP9I26" username and password combination to authenticate on any modem, gain access to the modem’s “cshell” client over SSH and obtain root privileges.


Remediation

To disable the SSH backdoor, run the following commands. Substitute “ipaddress” with your gateway’s IP address (internal or external).

ssh remotessh@ipaddress

(Enter password 5SaP9I26)

NOS/255291283229493> configure

Config Mode v1.3

NOS/255291283229493 (top)>> set management remote-access ssh-permanent-enable off

NOS/255291283229493 (top)>> save

NOS/255291283229493 (top)>> exit

NOS/255291283229493> restart
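
To confirm the change took effect once the gateway has restarted, the following added example (not part of the original advisory or vendor tooling) checks whether the device still presents an SSH banner. It assumes SSH on the default TCP port 22, as implied by the ssh command above; the function names are illustrative.

```python
import socket
import sys


def probe_ssh(host, port=22, timeout=3.0):
    """Connect without authenticating and classify the port.

    Returns (state, banner) where state is one of:
      'closed'     - connection refused, nothing is listening
      'filtered'   - no answer (timeout or unreachable); also seen if the host is down
      'ssh'        - a service answered with an SSH identification string
      'open-other' - something is listening but did not send an SSH banner
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("closed", None)
    except OSError:  # includes timeouts and "no route to host"
        return ("filtered", None)
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(255)  # SSH servers send their banner first
        except OSError:
            data = b""
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if line.startswith("SSH-"):
        return ("ssh", line)
    return ("open-other", line or None)


def ssh_still_exposed(host, port=22, timeout=3.0):
    """True if the gateway still answers with an SSH banner after remediation."""
    state, _ = probe_ssh(host, port, timeout)
    return state == "ssh"


if __name__ == "__main__":
    # Usage: python check_ssh.py <gateway-ip>   (script name is hypothetical)
    target = sys.argv[1]
    state, banner = probe_ssh(target)
    print(f"{target}:22 -> {state}" + (f" ({banner})" if banner else ""))
    sys.exit(1 if state == "ssh" else 0)
```

Run it against both the internal and the external address of the gateway; a "filtered" result is only meaningful if the device is otherwise reachable.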

