Cobham EXPLORER 710 Firmware 1.07

CPE Details

Cobham EXPLORER 710 Firmware 1.07
1.07
2019-12-13 16:58 +00:00
2019-12-13 16:58 +00:00

Alerte pour un CPE

Stay informed of any changes for a specific CPE.
Alert management

CPE Name: cpe:2.3:o:cobham:explorer_710_firmware:1.07:*:*:*:*:*:*:*

Informations

Vendor

cobham

Product

explorer_710_firmware

Version

1.07

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-9534 2019-10-10 20:09 +00:00 The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service.
7.8
HIGH
CVE-2019-9533 2019-10-10 20:09 +00:00 The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.
9.8
CRITICAL
CVE-2019-9532 2019-10-10 20:09 +00:00 The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal.
7.8
HIGH
CVE-2019-9531 2019-10-10 20:09 +00:00 The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device.
9.8
CRITICAL
CVE-2019-9530 2019-10-10 20:09 +00:00 The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory.
5.5
MEDIUM
CVE-2019-9529 2019-10-10 20:09 +00:00 The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device.
5.5
MEDIUM
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.