Kyle Omeara

**Name of the Vulnerable Software and Affected Versions** Cobham EXPLORER 710 firmware version 1.07 **Description** The web application portal of the device has no authentication by default, allowing an unauthenticated, local attacker connected to the device to access the portal and make any changes to the device. **Recommendations** For firmware version 1.07, enable authentication on the web application portal to prevent unauthorized access and changes to the device.

**Name of the Vulnerable Software and Affected Versions** Cobham EXPLORER 710 firmware version 1.07 **Description** The issue concerns the lack of access restrictions on the web root directory, allowing an unauthenticated, local attacker connected to the device to access and download any file found in this directory. **Recommendations** For firmware version 1.07, restrict access to the web root directory to prevent unauthorized file downloads.

**Name of the Vulnerable Software and Affected Versions** Cobham EXPLORER 710 firmware version 1.07 **Description** The web application portal of the Cobham EXPLORER 710 sends the login password in cleartext, potentially allowing an unauthenticated, local attacker to intercept the password and gain access to the portal. **Recommendations** For firmware version 1.07, consider restricting access to the web application portal until a fix is available, and avoid using the portal over unsecured networks to minimize the risk of password interception.

**Name of the Vulnerable Software and Affected Versions** Cobham EXPLORER 710 versions up to and including v1.08 **Description** The issue concerns the use of a static root password across different firmware versions of the Cobham EXPLORER 710. This static password could potentially be reverse-engineered by an attacker from available versions, allowing them to gain authenticated access to the device. **Recommendations** For versions up to and including v1.08, consider changing the root password to a unique and strong password to prevent unauthorized access. As a temporary workaround, restrict access to the device until a patch or update can be applied.

**Name of the Vulnerable Software and Affected Versions** Cobham EXPLORER 710 firmware version 1.07 **Description** The issue concerns the lack of firmware image validation in the device. Development scripts that were left in the firmware can be exploited to upload a custom firmware image. This could potentially allow an unauthenticated, local attacker to upload their own firmware, which could then be used for various malicious purposes, including intercepting or modifying traffic, spoofing or intercepting GPS traffic, exfiltrating private data, hiding a backdoor, or causing a denial-of-service. **Recommendations** For Cobham EXPLORER 710 firmware version 1.07, consider disabling the development scripts left in the firmware as a temporary workaround until a patch is available. Restrict access to the device to minimize the risk of exploitation. Avoid using the device for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.