Vulnerabilities for 'Satcom sailor 800 firmware'

2019-03-15
 
CVE-2018-19394

CWE-79
 

 
Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file.

 
 
CVE-2018-19393

CWE-284
 

 
Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation.

 

Vendor: Cobham (21 products)
Aviator 200
Aviator 300
Aviator 350
Aviator 700d
Explorer bgan
Sailor 900 vsat
Sailor fleetbroadband 150
Sailor fleetbroadband 250
Sailor fleetbroadband 500
Sailor 6110 mini-c gmdss
Sailor 6006 message terminal
Sailor 6222 vhf
Sailor 6300 mf / hf
Sailor 6000 series firmware
Sailor 900 firmware
Aviator 700e
Sea tel 121 firmware
Sea tel 116 firmware
Seatel 121 firmware
Satcom sailor 800 firmware
Satcom sailor 900 firmware


Copyright 2019, cxsecurity.com

 
