Vulnerability CVE-2016-9497


Published: 2018-07-13

Description:
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many administrative commands via this interface, including rebooting the modem.

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:A/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
8.3/10
10/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Hughes -> Dw7000 firmware 
Hughes -> Hn7000s firmware 
Hughes -> Hn7000sm firmware 
Hughes -> Hn7740s firmware 

 References:
https://www.kb.cert.org/vuls/id/614751
https://www.securityfocus.com/bid/96244

Copyright 2024, cxsecurity.com

 

Back to Top