
CVE-2023-44857
https://notcve.org/view.php?id=CVE-2023-44857
12 Apr 2024 — An issue in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the sub_21D24 function in the acu_web component. • https://pine-amphibian-9b9.notion.site/SAILOR-Ku-Software-RCE-and-Privilege-Escalation-Statistics-report-b8e953249468429d9f60b89ff653847a • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2023-44855
https://notcve.org/view.php?id=CVE-2023-44855
12 Apr 2024 — Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub_219C4 function in the acu_web file. • https://pine-amphibian-9b9.notion.site/ENG-SAILOR-Ku-Software-XSS-Diagnostics-report-019462dcebf6428da34dd7daee21583b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-44853
https://notcve.org/view.php?id=CVE-2023-44853
12 Apr 2024 — An issue was discovered in Cobham SAILOR VSAT Ku v.164B019 that allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file. • https://pine-amphibian-9b9.notion.site/SAILOR-Ku-Software-RCE-and-Privilege-Escalation-Diagnostics-report-0f3923d0ed434705b7ed4a6174218c2b?pvs=4 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2019-9534 – The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image
https://notcve.org/view.php?id=CVE-2019-9534
10 Oct 2019 — The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service. • https://kb.cert.org/vuls/id/719689 • CWE-494: Download of Code Without Integrity Check

CVE-2019-9533 – The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08
https://notcve.org/view.php?id=CVE-2019-9533
10 Oct 2019 — The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device. • https://kb.cert.org/vuls/id/719689 • CWE-522: Insufficiently Protected Credentials • CWE-798: Use of Hard-coded Credentials

CVE-2019-9532 – The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext
https://notcve.org/view.php?id=CVE-2019-9532
10 Oct 2019 — The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal. • https://kb.cert.org/vuls/id/719689 • CWE-319: Cleartext Transmission of Sensitive Information

CVE-2019-9531 – The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to a port that can run AT commands
https://notcve.org/view.php?id=CVE-2019-9531
10 Oct 2019 — The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device. • https://kb.cert.org/vuls/id/719689 • CWE-284: Improper Access Control • CWE-287: Improper Authentication

CVE-2019-9530 – The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files
https://notcve.org/view.php?id=CVE-2019-9530
10 Oct 2019 — The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory. • https://kb.cert.org/vuls/id/719689 • CWE-284: Improper Access Control

CVE-2019-9529 – The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default
https://notcve.org/view.php?id=CVE-2019-9529
10 Oct 2019 — The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device. • https://kb.cert.org/vuls/id/719689 • CWE-284: Improper Access Control • CWE-306: Missing Authentication for Critical Function

CVE-2019-16320
https://notcve.org/view.php?id=CVE-2019-16320
15 Sep 2019 — Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community. • https://misteralfa-hack.blogspot.com/2019/09/cobham-terminales-satelitales-seatel.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor