Sailor 900 Vsat
by Cobham
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-19393 | Hig | 0.49 | 7.5 | 0.02 | Mar 15, 2019 | Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this… | ||
| CVE-2018-19394 | Med | 0.31 | 4.8 | 0.01 | Mar 15, 2019 | Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name),… | ||
| CVE-2023-44853 | 0.00 | — | 0.00 | Apr 12, 2024 | \An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file. | |||
| CVE-2023-44856 | 0.00 | — | 0.01 | Apr 12, 2024 | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the rstat, sender, and recipients' parameters of the sub_21D24 function in the acu_web file. | |||
| CVE-2023-44854 | 0.00 | — | 0.01 | Apr 12, 2024 | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu_web file. | |||
| CVE-2023-44857 | 0.00 | — | 0.01 | Apr 12, 2024 | An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_21D24 function in the acu_web component. | |||
| CVE-2023-44855 | 0.00 | — | 0.01 | Apr 12, 2024 | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub_219C4 function in the acu_web file. | |||
| CVE-2023-44852 | 0.00 | — | 0.01 | Apr 12, 2024 | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_traps_decode function in the acu_web file. | |||
| CVE-2014-2940 | 0.00 | — | 0.02 | Aug 15, 2014 | Cobham Sailor 900 and 6000 satellite terminals with firmware 1.08 MFHF and 2.11 VHF have hardcoded credentials for the administrator account, which allows attackers to obtain administrative control by leveraging physical access or terminal access. | |||
| CVE-2013-7180 | 0.00 | — | 0.02 | Aug 15, 2014 | Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtain administrative privileges by leveraging physical access or terminal access to… |
- risk 0.49cvss 7.5epss 0.02
Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this…
- risk 0.31cvss 4.8epss 0.01
Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name),…
- CVE-2023-44853Apr 12, 2024risk 0.00cvss —epss 0.00
\An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file.
- CVE-2023-44856Apr 12, 2024risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the rstat, sender, and recipients' parameters of the sub_21D24 function in the acu_web file.
- CVE-2023-44854Apr 12, 2024risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu_web file.
- CVE-2023-44857Apr 12, 2024risk 0.00cvss —epss 0.01
An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_21D24 function in the acu_web component.
- CVE-2023-44855Apr 12, 2024risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub_219C4 function in the acu_web file.
- CVE-2023-44852Apr 12, 2024risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_traps_decode function in the acu_web file.
- CVE-2014-2940Aug 15, 2014risk 0.00cvss —epss 0.02
Cobham Sailor 900 and 6000 satellite terminals with firmware 1.08 MFHF and 2.11 VHF have hardcoded credentials for the administrator account, which allows attackers to obtain administrative control by leveraging physical access or terminal access.
- CVE-2013-7180Aug 15, 2014risk 0.00cvss —epss 0.02
Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtain administrative privileges by leveraging physical access or terminal access to…