PT-2019-19691 · Cobham · Cobham Explorer 710

David Belasco +1 · Published 2019-10-10 · Updated 2024-02-15 · CVE-2019-9534

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cobham EXPLORER 710 firmware version 1.07

Description

The device does not validate firmware images. Development scripts that were left in the firmware can be exploited to upload a custom firmware image. This could allow an unauthenticated, local attacker to upload their own firmware, which could then be used for various malicious purposes, including intercepting or modifying traffic, spoofing or intercepting GPS traffic, exfiltrating private data, hiding a backdoor, or causing a denial-of-service.

Recommendations

For Cobham EXPLORER 710 firmware version 1.07, consider disabling the development scripts left in the firmware as a temporary workaround until a patch is available. Restrict access to the device to minimize the risk of exploitation. Avoid using the device for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2019-9534

Affected Products

Cobham Explorer 710