// For flags

CVE-2019-9534

The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service.

El Cobham EXPLORER 710, versión de firmware 1.07, no comprueba su imagen de firmware. Los scripts de desarrollo que quedan en el firmware pueden ser usados para cargar una imagen de firmware personalizada que ejecuta el dispositivo. Esto podría permitir a un atacante local no autenticado cargar su propio firmware que podría ser usado para interceptar o modificar el tráfico, falsificar o interceptar el tráfico GPS, filtrar datos privados, ocultar una backdoor o causar una denegación de servicio.

*Credits: This issue was found by Kyle O'Meara and David Belasco.
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-03-01 CVE Reserved
  • 2019-10-10 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-494: Download of Code Without Integrity Check
CAPEC
References (1)
URL Tag Source
https://kb.cert.org/vuls/id/719689 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cobham
Search vendor "Cobham"
 Explorer 710 Firmware
Search vendor "Cobham" for product "Explorer 710 Firmware"
 1.07
Search vendor "Cobham" for product "Explorer 710 Firmware" and version "1.07"
-
Affected
in Cobham
Search vendor "Cobham"
 Explorer 710
Search vendor "Cobham" for product "Explorer 710"
--
Safe