PT-2019-19690 · Cobham · Cobham Explorer 710

David Belasco

Published

2019-10-10

Updated

2020-10-16

CVE-2019-9533

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cobham EXPLORER 710 versions up to and including v1.08

Description The issue concerns the use of a static root password across different firmware versions of the Cobham EXPLORER 710. This static password could potentially be reverse-engineered by an attacker from available versions, allowing them to gain authenticated access to the device.

Recommendations For versions up to and including v1.08, consider changing the root password to a unique and strong password to prevent unauthorized access. As a temporary workaround, restrict access to the device until a patch or update can be applied.

Fix

Insufficiently Protected Credentials

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-798

Related Identifiers

CVE-2019-9533

Affected Products

Cobham Explorer 710

PT-2019-19690 · Cobham · Cobham Explorer 710

CVE-2019-9533

Weakness Enumeration

Related Identifiers

Affected Products

References · 3