PT-2018-5086 · Hughes · Hn7740S+2

Published 2018-07-13 · Updated 2019-10-09 · CVE-2016-9496

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Hughes high-performance broadband satellite modems, models HN7740S, DW7000 and HN7000S/SM

Description

The issue concerns a lack of authentication in the modems, allowing an unauthenticated user to send an HTTP GET request to specific API endpoints, such as http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin, to cause the modem to reboot.

Recommendations

For Hughes high-performance broadband satellite modems, models HN7740S, DW7000 and HN7000S/SM, consider restricting access to the http://[ip]/com/gatewayreset and http://[ip]/cgi/reboot.bin API endpoints to prevent unauthorized reboot requests. As a temporary workaround, limit network access to the modems to minimize the risk of exploitation.

Fix

Missing Authentication


Weakness Enumeration

Related identifiers

CVE-2016-9496

Affected products

Dw7000
Hn7000S/Sm
Hn7740S