PT-2019-19689 · Cobham · Cobham Explorer 710

David Belasco

Published

2019-10-10

Updated

2019-10-17

CVE-2019-9532

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cobham EXPLORER 710 firmware version 1.07

Description The web application portal of the Cobham EXPLORER 710 sends the login password in cleartext, potentially allowing an unauthenticated, local attacker to intercept the password and gain access to the portal.

Recommendations For firmware version 1.07, consider restricting access to the web application portal until a fix is available, and avoid using the portal over unsecured networks to minimize the risk of password interception.

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2019-9532

Affected Products

Cobham Explorer 710

PT-2019-19689 · Cobham · Cobham Explorer 710

CVE-2019-9532

Weakness Enumeration

Related Identifiers

Affected Products

References · 3