Cobham
Products
22- 10 CVEs
- 6 CVEs
- 5 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
27| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-9533 | Cri | 0.64 | 9.8 | 0.02 | Oct 10, 2019 | The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device. | ||
| CVE-2019-9531 | Cri | 0.64 | 9.8 | 0.03 | Oct 10, 2019 | The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide… | ||
| CVE-2018-19392 | Cri | 0.64 | 9.8 | 0.01 | Mar 15, 2019 | Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default "admin" account), without prior knowledge of their password. All that is required… | ||
| CVE-2018-5267 | Cri | 0.64 | 9.8 | 0.03 | Jan 8, 2018 | Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html. | ||
| CVE-2019-9534 | Hig | 0.51 | 7.8 | 0.00 | Oct 10, 2019 | The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware… | ||
| CVE-2019-9532 | Hig | 0.51 | 7.8 | 0.00 | Oct 10, 2019 | The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal. | ||
| CVE-2018-19393 | Hig | 0.49 | 7.5 | 0.02 | Mar 15, 2019 | Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this… | ||
| CVE-2018-5266 | Hig | 0.49 | 7.5 | 0.02 | Jan 8, 2018 | Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product's… | ||
| CVE-2018-19391 | Med | 0.40 | 6.1 | 0.01 | Mar 15, 2019 | Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field. | ||
| CVE-2019-9530 | Med | 0.36 | 5.5 | 0.00 | Oct 10, 2019 | The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory. | ||
| CVE-2019-9529 | Med | 0.36 | 5.5 | 0.00 | Oct 10, 2019 | The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device. | ||
| CVE-2019-16320 | Med | 0.35 | 5.3 | 0.01 | Sep 15, 2019 | Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community. | ||
| CVE-2018-5728 | Med | 0.35 | 5.3 | 0.01 | Jan 16, 2018 | Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details. | ||
| CVE-2018-5071 | Med | 0.35 | 5.4 | 0.01 | Jan 8, 2018 | Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is… | ||
| CVE-2018-19394 | Med | 0.31 | 4.8 | 0.01 | Mar 15, 2019 | Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name),… | ||
| CVE-2023-44855 | 0.00 | — | 0.01 | Apr 12, 2024 | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub_219C4 function in the acu_web file. | |||
| CVE-2023-44854 | 0.00 | — | 0.01 | Apr 12, 2024 | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu_web file. | |||
| CVE-2023-44857 | 0.00 | — | 0.01 | Apr 12, 2024 | An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_21D24 function in the acu_web component. | |||
| CVE-2023-44856 | 0.00 | — | 0.01 | Apr 12, 2024 | Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the rstat, sender, and recipients' parameters of the sub_21D24 function in the acu_web file. | |||
| CVE-2023-44853 | 0.00 | — | 0.00 | Apr 12, 2024 | \An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file. |
- risk 0.64cvss 9.8epss 0.02
The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.
- risk 0.64cvss 9.8epss 0.03
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide…
- risk 0.64cvss 9.8epss 0.01
Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default "admin" account), without prior knowledge of their password. All that is required…
- risk 0.64cvss 9.8epss 0.03
Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html.
- risk 0.51cvss 7.8epss 0.00
The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware…
- risk 0.51cvss 7.8epss 0.00
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal.
- risk 0.49cvss 7.5epss 0.02
Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this…
- risk 0.49cvss 7.5epss 0.02
Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product's…
- risk 0.40cvss 6.1epss 0.01
Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field.
- risk 0.36cvss 5.5epss 0.00
The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory.
- risk 0.36cvss 5.5epss 0.00
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device.
- risk 0.35cvss 5.3epss 0.01
Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community.
- risk 0.35cvss 5.3epss 0.01
Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details.
- risk 0.35cvss 5.4epss 0.01
Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is…
- risk 0.31cvss 4.8epss 0.01
Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name),…
- CVE-2023-44855Apr 12, 2024risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub_219C4 function in the acu_web file.
- CVE-2023-44854Apr 12, 2024risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu_web file.
- CVE-2023-44857Apr 12, 2024risk 0.00cvss —epss 0.01
An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_21D24 function in the acu_web component.
- CVE-2023-44856Apr 12, 2024risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the rstat, sender, and recipients' parameters of the sub_21D24 function in the acu_web file.
- CVE-2023-44853Apr 12, 2024risk 0.00cvss —epss 0.00
\An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file.