PT-2018-5086 · Hughes · Hn7740S+2
Published 2018-07-13 · Updated 2019-10-09 · CVE-2016-9496
CVSS v3.1: 6.5 Medium
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Hughes high-performance broadband satellite modems, models HN7740S, DW7000, HN7000S/SM
Description
The modems do not require authentication on specific API endpoints. An unauthenticated user can send an HTTP GET request to endpoints such as http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin and cause the modem to reboot.
Recommendations
For Hughes high-performance broadband satellite modems, models HN7740S, DW7000, HN7000S/SM, consider restricting access to the http://[ip]/com/gatewayreset and http://[ip]/cgi/reboot.bin API endpoints to prevent unauthorized reboot requests. As a temporary workaround, limit network access to the modems to minimize the risk of exploitation.
Fix
Missing Authentication
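To check whether the access restriction recommended above is holding, the following added example (not part of the original advisory and not vendor code) scans HTTP access logs for requests to the two reboot endpoints and marks those coming from outside a management allow-list. The Common Log Format input, the `MGMT_NETS` range, and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote, urlsplit

# The two endpoints named in the advisory.
REBOOT_PATHS = {"/com/gatewayreset", "/cgi/reboot.bin"}
# Assumption: the only hosts that should ever reach the modem's web interface.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/28")]
# Assumption: Common Log Format lines from a proxy or sensor in front of the modem.
CLF = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                 r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def normalize(target):
    """Reduce a request target to a lower-case, dot-free path without its query."""
    if target.startswith("/"):
        target = "/" + target.lstrip("/")
    path = unquote(urlsplit(target).path)
    return posixpath.normpath(re.sub(r"/+", "/", path)).lower()

def find_reboot_requests(lines):
    """Return (timestamp, source, path, allowed) for every hit on a reboot endpoint."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m or normalize(m["target"]) not in REBOOT_PATHS:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            allowed = any(src in net for net in MGMT_NETS)
        except ValueError:  # hostname or garbage in the source field
            allowed = False
        hits.append((m["ts"], m["src"], normalize(m["target"]), allowed))
    return hits

# Constructed sample lines, not taken from a real device or network.
SAMPLE_LOG = [
    '10.20.0.5 - - [13/Jul/2018:09:14:02 +0000] "GET /com/gatewayreset HTTP/1.1" 200 12',
    '192.168.0.77 - - [13/Jul/2018:09:20:41 +0000] "GET /cgi/reboot.bin HTTP/1.0" 200 0',
    '192.168.0.77 - - [13/Jul/2018:09:21:10 +0000] "GET /cgi//reboot.bin?t=1 HTTP/1.1" 200 0',
    '192.168.0.80 - - [13/Jul/2018:09:22:00 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ts, src, path, allowed in find_reboot_requests(SAMPLE_LOG):
        print("ok   " if allowed else "ALERT", ts, src, path)
```

Because the endpoints need no credentials, the source address is the only thing that separates an administrator's reboot from an unauthorized one, so every hit from outside the allow-list deserves a look.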
Weakness Enumeration
Related Identifiers
Affected Products
Dw7000
Hn7000S/Sm
Hn7740S