RSS   Vulnerabilities for 'Hn7000s firmware'   RSS

2018-07-13
 
CVE-2016-9497

CWE-287
 

 
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many administrative commands via this interface, including rebooting the modem.

 
 
CVE-2016-9496

CWE-306
 

 
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot.

 
 
CVE-2016-9495

CWE-798
 

 
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port (23) can be obtained through using one of a few default credentials shared among all devices.

 
 
CVE-2016-9494

CWE-20
 

 
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service.

 

 >>> Vendor: Hughes 5 Products
MSQL
Dw7000 firmware
Hn7000s firmware
Hn7000sm firmware
Hn7740s firmware


Copyright 2024, cxsecurity.com

 

Back to Top