175 matches found
Design/Logic Flaw
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention AT commands, including some that provide unauthenticated,...
Design/Logic Flaw
The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to...
Default credentials
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal...
Authentication flaw
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device...
Default credentials
The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device...
Directory traversal
The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory...
CVE-2019-9531
The CVE-2019-9531 entry affects the Cobham EXPLORER 710 portable satcom terminal running firmware version 1.07. Connected sources confirm that the web application portal allows unauthenticated access to port 5454, enabling an unauthenticated remote attacker to connect via Telnet and execute 86 At...
CVE-2019-9530
The CVE-2019-9530 entry applies to Cobham EXPLORER 710 (firmware 1.07). The vulnerability is that the web root directory has no access restrictions, enabling an unauthenticated, local attacker connected to the device to read and download any file in the web root. The provided connected documents ...
CVE-2019-9534
The CVE-2019-9534 entry affects Cobham EXPLORER 710 with firmware 1.07, where firmware image validation is absent. Connected sources (CERT/CC) describe that development scripts left in the firmware can be used by an unauthenticated, local attacker to upload their own firmware, potentially enablin...
CVE-2019-9532
An issue in Cobham EXPLORER 710 web portal (firmware 1.07) transmits the login password in cleartext, enabling a local, unauthenticated attacker to intercept credentials and access the portal. Root cause: cleartext credential handling in the web portal. Impact described in sources includes potent...
CVE-2019-9529 The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device...
CVE-2019-9532 The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal...
CVE-2019-9530 The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files
The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory...
CVE-2019-9531 The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to a port that can run AT commands
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention AT commands, including some that provide unauthenticated,...
CVE-2019-9533 The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08
The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device...
CVE-2019-9534 The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image
The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to...
CVE-2019-9529
Affected product: Cobham EXPLORER 710, firmware 1.07. Vulnerability: The web application portal has no authentication by default, allowing an unauthenticated, local attacker to access the portal and make changes to the device. Impact (as described): unauthenticated access, potential modification ...
CVE-2019-9533
The CVE-2019-9533 issue affects the Cobham EXPLORER 710 satellite terminal. Root password is identical across firmware versions up to v1.08, enabling an attacker to reverse‑engineer the password from available versions to gain authenticated access to the device. This stems from using a universal ...
PT-2019-19691 · Cobham · Cobham Explorer 710
Name of the Vulnerable Software and Affected Versions: Cobham EXPLORER 710 firmware version 1.07 Description: The issue concerns the lack of firmware image validation in the device. Development scripts that were left in the firmware can be exploited to upload a custom firmware image. This could...
Cobham EXPLORER 710 Multiple Security Vulnerabilities
Description Cobham EXPLORER 710 is prone to multiple security vulnerabilities: 1. Multiple security weaknesses 2. Multiple access-bypass vulnerabilities 3. An information-disclosure vulnerability 4. An arbitrary file upload vulnerability An attacker may exploit these issues to perform certain...