Hughes
Products
5- 5 CVEs
- 4 CVEs
- 3 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9497 | Hig | 0.57 | 8.8 | 0.02 | Jul 13, 2018 | Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user… | ||
| CVE-2016-9495 | Hig | 0.57 | 8.8 | 0.01 | Jul 13, 2018 | Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port (23) can be obtained through using one of a few default credentials shared among all devices. | ||
| CVE-2021-32997 | Hig | 0.53 | 8.2 | 0.00 | May 25, 2022 | The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part… | ||
| CVE-2023-34437 | Hig | 0.49 | 7.5 | 0.00 | Oct 19, 2023 | Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the device. | ||
| CVE-2023-34441 | Med | 0.44 | 6.8 | 0.00 | Oct 19, 2023 | Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests. | ||
| CVE-2016-9496 | Med | 0.42 | 6.5 | 0.01 | Jul 13, 2018 | Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot. | ||
| CVE-2016-9494 | Med | 0.42 | 6.5 | 0.01 | Jul 13, 2018 | Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET… | ||
| CVE-2023-36857 | Med | 0.35 | 5.4 | 0.00 | Oct 19, 2023 | Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access. | ||
| CVE-2000-0012 | 0.04 | — | 0.10 | Dec 27, 1999 | Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands. | |||
| CVE-1999-0753 | 0.03 | — | 0.05 | Aug 17, 1999 | The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories. | |||
| CVE-2001-1225 | 0.00 | — | 0.00 | Dec 26, 2001 | Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried. | |||
| CVE-1999-1260 | 0.00 | — | 0.01 | Feb 15, 1999 | mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive server information such as logged users, database names, and server version via the ServerStats query. | |||
| CVE-1999-0276 | 0.00 | — | 0.03 | Jan 1, 1999 | mSQL v2.0.1 and below allows remote execution through a buffer overflow. |
- risk 0.57cvss 8.8epss 0.02
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user…
- risk 0.57cvss 8.8epss 0.01
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port (23) can be obtained through using one of a few default credentials shared among all devices.
- risk 0.53cvss 8.2epss 0.00
The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part…
- risk 0.49cvss 7.5epss 0.00
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the device.
- risk 0.44cvss 6.8epss 0.00
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests.
- risk 0.42cvss 6.5epss 0.01
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot.
- risk 0.42cvss 6.5epss 0.01
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET…
- risk 0.35cvss 5.4epss 0.00
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access.
- CVE-2000-0012Dec 27, 1999risk 0.04cvss —epss 0.10
Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands.
- CVE-1999-0753Aug 17, 1999risk 0.03cvss —epss 0.05
The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories.
- CVE-2001-1225Dec 26, 2001risk 0.00cvss —epss 0.00
Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried.
- CVE-1999-1260Feb 15, 1999risk 0.00cvss —epss 0.01
mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive server information such as logged users, database names, and server version via the ServerStats query.
- CVE-1999-0276Jan 1, 1999risk 0.00cvss —epss 0.03
mSQL v2.0.1 and below allows remote execution through a buffer overflow.