CVE-2018-5266

Published: Jan 8, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product's documentation: Dealer with password seatel3, SysAdmin with password seatel2, and User with password seatel1.

Affected (1)

Products: Cobham: Sea Tel 121 Firmware

1 product

Sea Tel 121 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cobham Sea Tel 121 Firmware	Version 222701

Running on/with	Platform Versions
Cobham Sea Tel 121	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html

Source: cve@mitre.org

ExploitThird Party Advisory

http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.