Vulnerabilities > Cobham

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-03-15 | CVE-2018-19391 | Cross-site Scripting vulnerability in Cobham products | Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field. | network | | cobham | CWE-79 | 4.3 |
| 2018-01-16 | CVE-2018-5728 | Information Exposure vulnerability in Cobham Seatel 121 Firmware | Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details. | network | low complexity | cobham | CWE-200 | 5.0 |
| 2018-01-08 | CVE-2018-5267 | Unspecified vulnerability in Cobham SEA TEL 121 Firmware 222701 | Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html. | network | low complexity | cobham | | 7.5 |
| 2018-01-08 | CVE-2018-5266 | Information Exposure vulnerability in Cobham SEA TEL 121 Firmware 222701 | Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. | network | low complexity | cobham | CWE-200 | 5.0 |
| 2018-01-08 | CVE-2018-5071 | Cross-site Scripting vulnerability in Cobham SEA TEL 116 Firmware 222429 | Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. | network | | cobham | CWE-79 | 3.5 |
| 2014-09-22 | CVE-2014-2942 | Credentials Management vulnerability in Cobham Aviator 700D and Aviator 700E | Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code. | local | low complexity | cobham | CWE-255 | 7.2 |
| 2014-08-15 | CVE-2014-2964 | Unspecified vulnerability in Cobham Aviator 700D and Aviator 700E | Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line. | local | | cobham | | 6.9 |
| 2014-08-15 | CVE-2014-2940 | Hardcoded Credentials Security Bypass vulnerability in Cobham Sailor Satellite Terminals | Cobham Sailor 900 and 6000 satellite terminals with firmware 1.08 MFHF and 2.11 VHF have hardcoded credentials for the administrator account, which allows attackers to obtain administrative control by leveraging physical access or terminal access. | network | low complexity | cobham | | 10.0 (critical) |
| 2014-08-15 | CVE-2014-0328 | Remote Code Execution vulnerability in Cobham thraneLINK | The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response. | network | | cobham | | 9.3 (critical) |
| 2014-08-15 | CVE-2013-7180 | Information Disclosure vulnerability in Multiple Cobham Products | Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtain administrative privileges by leveraging physical access or terminal access to spoof a reset code. | network | low complexity | cobham | | 7.8 |