PT-2018-5085 · Hughes · Hughes Hn7740S+2
Published
2018-07-13
·
Updated
2019-10-09
·
CVE-2016-9495
CVSS v3.1
8.8
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM
Description
The issue concerns the use of hard-coded credentials in the devices. Access to the device can be obtained through the default telnet port (23) by using one of the default credentials shared among all devices.
Recommendations
For Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, consider changing the default credentials to unique and strong ones to prevent unauthorized access. As a temporary workaround, restrict access to the default telnet port (23) to minimize the risk of exploitation.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hughes Dw7000
Hughes Hn7000S/Sm
Hughes Hn7740S