PT-2019-19686 · Cobham · Cobham Explorer 710

David Belasco

Published

2019-10-10

Updated

2019-10-21

CVE-2019-9529

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Cobham EXPLORER 710 firmware version 1.07

Description The web application portal of the device has no authentication by default, allowing an unauthenticated, local attacker connected to the device to access the portal and make any changes to the device.

Recommendations For firmware version 1.07, enable authentication on the web application portal to prevent unauthorized access and changes to the device.

Fix

Missing Authentication

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-284

Related Identifiers

CVE-2019-9529

Affected Products

Cobham Explorer 710

PT-2019-19686 · Cobham · Cobham Explorer 710

CVE-2019-9529

Weakness Enumeration

Related Identifiers

Affected Products

References · 3