Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Arris Subscribe
Filtered by product Nvg599
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-31793 2 Arris, Inglorion 13 Bgw210, Bgw210 Firmware, Bgw320 and 10 more 2022-08-11 N/A 7.5 HIGH
do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.
CVE-2017-14116 2 Arris, Att 2 Nvg599, U-verse Firmware 2017-09-13 9.3 HIGH 8.1 HIGH
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with "nc -l" support.
CVE-2017-14117 2 Arris, Att 3 Nvg589, Nvg599, U-verse Firmware 2017-09-13 4.3 MEDIUM 5.9 MEDIUM
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values.