
CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Oct 2019 — The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service. • https://kb.cert.org/vuls/id/719689 • CWE-494: Download of Code Without Integrity Check

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Oct 2019 — The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device. • https://kb.cert.org/vuls/id/719689 • CWE-522: Insufficiently Protected Credentials; CWE-798: Use of Hard-coded Credentials

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Oct 2019 — The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal. • https://kb.cert.org/vuls/id/719689 • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Oct 2019 — The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device. • https://kb.cert.org/vuls/id/719689 • CWE-284: Improper Access Control; CWE-287: Improper Authentication

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Oct 2019 — The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory. • https://kb.cert.org/vuls/id/719689 • CWE-284: Improper Access Control

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Oct 2019 — The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device. • https://kb.cert.org/vuls/id/719689 • CWE-284: Improper Access Control; CWE-306: Missing Authentication for Critical Function