VYPR

Sea Tel 121

by Cobham

CVEs (5)

  • CVE-2018-5267CriJan 8, 2018
    risk 0.64cvss 9.8epss 0.03

    Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html.

  • CVE-2018-5266HigJan 8, 2018
    risk 0.49cvss 7.5epss 0.02

    Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product's…

  • CVE-2019-16320MedSep 15, 2019
    risk 0.35cvss 5.3epss 0.01

    Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community.

  • CVE-2018-5728MedJan 16, 2018
    risk 0.35cvss 5.3epss 0.01

    Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details.

  • CVE-2018-5071MedJan 8, 2018
    risk 0.35cvss 5.4epss 0.01

    Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is…