VYPR
Vendor

Hughes

Products
5
CVEs
13
Across products
14
Status
Private

Products

5

Recent CVEs

13
  • CVE-2016-9497HigJul 13, 2018
    risk 0.57cvss 8.8epss 0.02

    Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user…

  • CVE-2016-9495HigJul 13, 2018
    risk 0.57cvss 8.8epss 0.01

    Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port (23) can be obtained through using one of a few default credentials shared among all devices.

  • CVE-2021-32997HigMay 25, 2022
    risk 0.53cvss 8.2epss 0.00

    The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part…

  • CVE-2023-34437HigOct 19, 2023
    risk 0.49cvss 7.5epss 0.00

    Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the device.

  • CVE-2023-34441MedOct 19, 2023
    risk 0.44cvss 6.8epss 0.00

    Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests.

  • CVE-2016-9496MedJul 13, 2018
    risk 0.42cvss 6.5epss 0.01

    Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot.

  • CVE-2016-9494MedJul 13, 2018
    risk 0.42cvss 6.5epss 0.01

    Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET…

  • CVE-2023-36857MedOct 19, 2023
    risk 0.35cvss 5.4epss 0.00

    Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access.

  • CVE-2000-0012Dec 27, 1999
    risk 0.04cvss epss 0.10

    Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands.

  • CVE-1999-0753Aug 17, 1999
    risk 0.03cvss epss 0.05

    The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories.

  • CVE-2001-1225Dec 26, 2001
    risk 0.00cvss epss 0.00

    Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried.

  • CVE-1999-1260Feb 15, 1999
    risk 0.00cvss epss 0.01

    mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive server information such as logged users, database names, and server version via the ServerStats query.

  • CVE-1999-0276Jan 1, 1999
    risk 0.00cvss epss 0.03

    mSQL v2.0.1 and below allows remote execution through a buffer overflow.