Vulnerabilities (CVE)

Vendor filter

Cobham Subscribe

Filter

14 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-9533 1 Cobham 1 Explorer 710 Firmware 2019-10-16 10.0
The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.
CVE-2019-9530 1 Cobham 1 Explorer 710 Firmware 2019-10-16 4.9
The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file...
CVE-2018-19393 1 Cobham 2 Satcom Sailor 800 Firmware, Satcom Sailor 900 Firmware 2019-10-03 7.8
Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further...
CVE-2018-5267 1 Cobham 1 Sea Tel 121 Firmware 2019-10-03 7.5
Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html.
CVE-2018-19394 1 Cobham 2 Satcom Sailor 800 Firmware, Satcom Sailor 900 Firmware 2019-03-15 3.5
Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant...
CVE-2018-5071 1 Cobham 1 Sea Tel 116 Firmware 2018-02-02 3.5
Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the...
CVE-2018-5728 1 Cobham 1 Seatel 121 Firmware 2018-02-02 5.0
Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details.
CVE-2018-5266 1 Cobham 1 Sea Tel 121 Firmware 2018-02-01 5.0
Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are...
CVE-2014-2942 1 Cobham 2 Aviator 700d, Aviator 700e 2014-09-22 7.2
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or...
CVE-2014-2941 1 Cobham 4 Ailor 6110 Mini-c Gmdss, Sailor 6222 Vhf, Sailor 6300 Mf %2f Hf and 1 more 2014-08-15 7.1
** DISPUTED ** Cobham Sailor 6000 satellite terminals have hardcoded Tbus 2 credentials, which allows remote attackers to obtain access via a TBUS2 command. NOTE: the vendor reportedly states "there is no possibility to exploit another user's...
CVE-2014-2964 1 Cobham 2 Aviator 700d, Aviator 700e 2014-08-15 6.9
Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line.
CVE-2014-2940 1 Cobham 2 Sailor 900 Firmware, Sailor 6000 Series Firmware 2014-08-15 10.0
Cobham Sailor 900 and 6000 satellite terminals with firmware 1.08 MFHF and 2.11 VHF have hardcoded credentials for the administrator account, which allows attackers to obtain administrative control by leveraging physical access or terminal access.
CVE-2013-7180 1 Cobham 9 Aviator 300, Sailor Fleetbroadband 250, Explorer Bgan and 6 more 2014-08-15 7.8
Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtain administrative privileges by leveraging...
CVE-2014-0328 1 Cobham 4 Ailor 6110 Mini-c Gmdss, Sailor 6222 Vhf, Sailor 6300 Mf %2f Hf and 1 more 2014-08-15 9.3
The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response.