CVE-2017-17877

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to gain root access to Steam Link devices by exploiting default SSH configuration over IPv6. Attackers can brute-force MAC addresses to establish SSH connections when the device's development SSH daemon is enabled. This affects Steam Link devices with SSH enabled for local development.

💻 Affected Systems

Products:
  • Valve Steam Link
Versions: Build 643 and earlier
Operating Systems: Steam Link OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when SSH daemon is enabled for local development. This is not the default for production devices but is commonly enabled by developers.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with root access, allowing installation of malware, data theft, or use as a pivot point into the local network.

🟠

Likely Case

Remote root access to the Steam Link device, enabling attackers to modify device functionality, intercept network traffic, or use it for further attacks.

🟢

If Mitigated

No impact if SSH is disabled or proper network segmentation/firewall rules are in place.

🌐 Internet-Facing: HIGH - Devices are publicly accessible via IPv6 by default when SSH is enabled, and the brute-force attack is relatively easy.
🏢 Internal Only: MEDIUM - Still vulnerable to internal attackers, but requires network access and MAC address guessing.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires guessing 24 bits of the MAC address, which is feasible with automated tools. Often exploited in conjunction with CVE-2017-17878.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Builds after 643

Vendor Advisory: https://github.com/ValveSoftware/steamlink-sdk/issues/119

Restart Required: Yes

Instructions:

1. Update Steam Link firmware to latest version.
2. Disable SSH if not needed for development.
3. Apply network firewall rules to block external SSH access.

🔧 Temporary Workarounds

Disable SSH Daemon

linux

Turn off SSH service if not required for development work

ssh root@steamlink 'systemctl disable sshd'
ssh root@steamlink 'systemctl stop sshd'

Block External SSH Access

linux

Configure firewall to block incoming SSH connections from external networks

iptables -A INPUT -p tcp --dport 22 ! -s 192.168.0.0/16 -j DROP
ip6tables -A INPUT -p tcp --dport 22 -j DROP

🧯 If You Can't Patch

  • Disable SSH daemon completely if not needed for development
  • Implement strict network segmentation and firewall rules to block all external access to port 22/TCP

🔍 How to Verify

Check if Vulnerable:

Check if SSH is listening on port 22 and accessible from external networks: nmap -6 -p22 <steamlink_ipv6_address>

Check Version:

ssh root@steamlink 'cat /etc/version' or check device settings menu

Verify Fix Applied:

Verify SSH is not accessible externally: nmap -6 -p22 <steamlink_ipv6_address> should show filtered/closed

📡 Detection & Monitoring

Log Indicators:

  • Failed SSH login attempts from external IPs
  • Successful root logins from unexpected sources
  • Multiple SSH connection attempts with different usernames

Network Indicators:

  • Incoming SSH connections on port 22 from external IPv6 addresses
  • Brute-force patterns against SSH service

SIEM Query:

source="ssh_logs" (failed OR invalid) AND port=22 AND src_ip_v6=*
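
The log indicators above can be checked with a small script. The following is an added example, not part of the original advisory or any vendor tooling; it assumes OpenSSH-style auth log messages, and the alert names, threshold and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# OpenSSH-style auth messages (assumed format; adjust for the device's daemon).
EVENT = re.compile(
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[0-9A-Fa-f:.]+)(?:%\S+)? port \d+"
)
# Ranges treated as local: loopback, link-local, unique local addresses.
LOCAL_V6 = [ipaddress.ip_network(n) for n in ("::1/128", "fe80::/10", "fc00::/7")]

def is_external_v6(addr):
    """True only for IPv6 sources outside the local ranges above."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    if ip.version != 6 or ip.ipv4_mapped is not None:
        return False  # IPv4, or IPv4 seen through a dual-stack socket
    return not any(ip in net for net in LOCAL_V6)

def analyze(lines, fail_threshold=3):
    """Return (alert_name, source) tuples in the order they fire."""
    failures, alerts = Counter(), []
    for line in lines:
        m = EVENT.search(line)
        if not m or not is_external_v6(m["src"]):
            continue
        src = m["src"]
        if m["result"] == "Failed":
            failures[src] += 1
            if failures[src] == fail_threshold:  # alert once per source
                alerts.append(("ssh_bruteforce_external_v6", src))
        elif m["user"] == "root":
            alerts.append(("root_login_external_v6", src))
    return alerts

SAMPLE = [  # constructed log lines, not taken from a real device
    "Jan 10 03:12:01 steamlink sshd[411]: Failed password for root from 2001:db8:aa::10 port 50112 ssh2",
    "Jan 10 03:12:03 steamlink sshd[411]: Failed password for invalid user admin from 2001:db8:aa::10 port 50114 ssh2",
    "Jan 10 03:12:05 steamlink sshd[411]: Failed password for root from 2001:db8:aa::10 port 50116 ssh2",
    "Jan 10 03:12:09 steamlink sshd[412]: Accepted password for root from 2001:db8:aa::10 port 50120 ssh2",
    "Jan 10 09:00:00 steamlink sshd[500]: Accepted password for root from fe80::1c2d:3eff:fe4f:5a6b%eth0 port 40000 ssh2",
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```

The link-local login in the last sample line is ignored on purpose: only sources outside loopback, link-local and ULA space count as external here.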
