CVE-2019-9529

Published: Oct 10, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device.

Affected (1)

Products: Cobham: Explorer 710 Firmware

Cobham

1 product

Explorer 710 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cobham Explorer 710 Firmware	Version 1.07

Running on/with	Platform Versions
Cobham Explorer 710	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://kb.cert.org/vuls/id/719689/

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

https://kb.cert.org/vuls/id/719689/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.