CATEGORIES
home News

AT&T Uverse Modems Reportedly Are Riddled Like Swiss Cheese With Security Holes

by Rob WilliamsSunday, September 03, 2017, 02:28 PM EDT

Because there clearly haven't been enough ISP router vulnerabilities popping up this past year, another one helps usher in the new month. This one is being dubbed "SharknAT&To" (because every vulnerability needs a catchy name!), a portmanteau involving the cult classic in-the-making, Sharknado, and leading internet service provider, AT&T.

SharknAT&To was outed by security researcher J Hutchins, whose team discovered a handful of vulnerabilities on AT&T's U-verse modems. At this point, it's not clear just how many devices are affected, but if you are a U-verse subscriber and are equipped with an Arris modem, you may want to be on alert. In particular, confirmed affected models include the NVG589, and NVG599.

nvg 589 hero

While some security researchers decide to alert the affected vendors ahead of the public, Hutchins took a more carefree approach, releasing everything needed to exploit the vulnerability on your own. At this point, we haven't been able to find many signs of third-party confirmations, but there has been at least one person who backs up the claim.

If you want to see if you have a vulnerable modem, you need to try connecting to it through SSH (Putty is a good option for Windows users), presumably with the default port of 22. Hutchins says that the username is 'remotessh', and password, '5SaP9I26'. Beyond that, you can also run a port scan on your home IP address from another internet service that's not AT&T (you could install an app and use your mobile connection, in the worst case) to see if any of the exploitable services are running on the modem.

Arris NVG589 Modem Vulnerability
Example of logging in with Arris NVG589's hard-coded root account

According to Hutchins, logging in via the aforementioned account will automatically grant root access, meaning that absolutely anything someone wants to reconfigure on your modem is going to be made a lot easier - no privilege escalation bug needed.

At this point in time, very little information is known on this issue outside of the original blog post (which is quite detailed), but the issue is too severe to ignore, so if you're a U-verse customer, it'd be worth doing a little investigative work. Based on the comments at the source (found below), if you're using your U-verse modem in a passthrough configuration, you're more than likely not vulnerable to this exploit. A simple fix for a potentially disastrous vulnerability.

As of the time of writing, it doesn't appear that either AT&T or Arris have acknowledged this bug.

Tags:  security, Router, ISP, NYSE: T, at&t
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment