
CVSS: 4.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

15 Mar 2019 — Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file. • https://cyberskr.com/blog/cobham-satcom-800-900.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 4 • EXPL: 1

15 Mar 2019 — Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field. • https://cyberskr.com/blog/cobham-satcom-250-500.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

15 Mar 2019 — Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation. • https://cyberskr.com/blog/cobham-satcom-800-900.html • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 9.8 • EPSS: 1% • CPEs: 4 • EXPL: 1

15 Mar 2019 — Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default "admin" account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector (/index.lua?pageID=Administration usernameAdmChange, passwordAdmChange1, and passwordAdmChange2 fields). • https://cyberskr.com/blog/cobham-satcom-250-500.html • CWE-287: Improper Authentication

CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 2

16 Jan 2018 — Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details. • https://github.com/ezelf/seatel_terminals • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 • EPSS: 2% • CPEs: 2 • EXPL: 1

08 Jan 2018 — Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html. • http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html

CVSS: 5.4 • EPSS: 0% • CPEs: 2 • EXPL: 1

08 Jan 2018 — Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross Protocol Injection with SNMP. • http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 2% • CPEs: 2 • EXPL: 1

08 Jan 2018 — Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product's documentation: Dealer with password seatel3, SysAdmin with password seatel2, and User with password seatel1. • http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

22 Sep 2014 — Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code. • http://www.kb.cert.org/vuls/id/882207 • CWE-255: Credentials Management Errors

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

15 Aug 2014 — ** DISPUTED ** Cobham Sailor 6000 satellite terminals have hardcoded Tbus 2 credentials, which allows remote attackers to obtain access via a TBUS2 command. NOTE: the vendor reportedly states "there is no possibility to exploit another user's credentials." • http://www.kb.cert.org/vuls/id/269991