CVE-2019-9534
Summary
| CVE | CVE-2019-9534 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-10-10 20:15:00 UTC |
| Updated | 2019-10-16 18:07:00 UTC |
| Description | The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service. |
Risk And Classification
Problem Types: CWE-434
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cobham | Explorer 710 | - | All | All | All |
| Hardware | Cobham | Explorer 710 | - | All | All | All |
| Operating System | Cobham | Explorer 710 Firmware | 1.07 | All | All | All |
| Operating System | Cobham | Explorer 710 Firmware | 1.07 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VU#719689 - Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal | CERT-VN | kb.cert.org | Third Party Advisory, US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: This issue was found by Kyle O'Meara and David Belasco.
There are currently no legacy QID mappings associated with this CVE.