CVE-2018-19392

Published: Mar 15, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default "admin" account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector (/index.lua?pageID=Administration usernameAdmChange, passwordAdmChange1, and passwordAdmChange2 fields).

Affected (2)

Products: Cobham: Satcom Sailor 250 Firmware, Satcom Sailor 500 Firmware

2 products

Satcom Sailor 250 Firmware

Satcom Sailor 500 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cobham Satcom Sailor 250 Firmware	Before 1.25

Running on/with	Platform Versions
Cobham Satcom Sailor 250	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cobham Satcom Sailor 500 Firmware	Before 1.25

Running on/with	Platform Versions
Cobham Satcom Sailor 500	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

https://cyberskr.com/blog/cobham-satcom-250-500.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://gist.github.com/CyberSKR/2dfd5dccb20a209ec4d35b2678bac0d4

Source: cve@mitre.org

Third Party Advisory

https://cyberskr.com/blog/cobham-satcom-250-500.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://gist.github.com/CyberSKR/2dfd5dccb20a209ec4d35b2678bac0d4

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.