Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for explorer_710_firmware by cobham

    CVE-2019-9534 (GCVE-0-2019-9534)

    Vulnerability from nvd – Published: 2019-10-10 20:09 – Updated: 2024-09-17 00:15
    VLAI
    Title
    The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image
    Summary
    The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service.
    Severity
    No CVSS data available.
    CWE
    • CWE-494 - Download of Code Without Integrity Check
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/719689/ third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Date Public
    2019-10-09 00:00
    Credits
    This issue was found by Kyle O'Meara and David Belasco.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#719689",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/719689/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Explorer 710",
              "vendor": "Cobham plc",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.07"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
            }
          ],
          "datePublic": "2019-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-494",
                  "description": "CWE-494 Download of Code Without Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-10T20:09:47.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#719689",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/719689/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
              "ID": "CVE-2019-9534",
              "STATE": "PUBLIC",
              "TITLE": "The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Explorer 710",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "1.07",
                                "version_value": "1.07"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cobham plc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-494 Download of Code Without Integrity Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#719689",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/719689/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9534",
        "datePublished": "2019-10-10T20:09:47.814Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:15:54.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9533 (GCVE-0-2019-9533)

    Vulnerability from nvd – Published: 2019-10-10 20:09 – Updated: 2024-09-16 16:28
    VLAI
    Title
    The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08
    Summary
    The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.
    Severity
    No CVSS data available.
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/719689/ third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Vendor Product Version
    Cobham plc Explorer 710 Affected: 1.08 , ≤ 1.08 (custom)
    Create a notification for this product.
    Date Public
    2019-10-09 00:00
    Credits
    This issue was found by Kyle O'Meara and David Belasco.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.145Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#719689",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/719689/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Explorer 710",
              "vendor": "Cobham plc",
              "versions": [
                {
                  "lessThanOrEqual": "1.08",
                  "status": "affected",
                  "version": "1.08",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
            }
          ],
          "datePublic": "2019-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522: Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-10T20:09:47.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#719689",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/719689/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
              "ID": "CVE-2019-9533",
              "STATE": "PUBLIC",
              "TITLE": "The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Explorer 710",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.08",
                                "version_value": "1.08"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cobham plc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-522: Insufficiently Protected Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#719689",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/719689/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9533",
        "datePublished": "2019-10-10T20:09:47.781Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:28:25.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9532 (GCVE-0-2019-9532)

    Vulnerability from nvd – Published: 2019-10-10 20:09 – Updated: 2024-09-16 19:30
    VLAI
    Title
    The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext
    Summary
    The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal.
    Severity
    No CVSS data available.
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/719689/ third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Date Public
    2019-10-09 00:00
    Credits
    This issue was found by Kyle O'Meara and David Belasco.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#719689",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/719689/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Explorer 710",
              "vendor": "Cobham plc",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.07"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
            }
          ],
          "datePublic": "2019-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319: Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-10T20:09:47.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#719689",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/719689/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
              "ID": "CVE-2019-9532",
              "STATE": "PUBLIC",
              "TITLE": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Explorer 710",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "1.07",
                                "version_value": "1.07"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cobham plc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-319: Cleartext Transmission of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#719689",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/719689/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9532",
        "datePublished": "2019-10-10T20:09:47.739Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:30:16.862Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9531 (GCVE-0-2019-9531)

    Vulnerability from nvd – Published: 2019-10-10 20:09 – Updated: 2024-09-16 20:02
    VLAI
    Title
    The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to a port that can run AT commands
    Summary
    The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/719689/ third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Date Public
    2019-10-09 00:00
    Credits
    This issue was found by Kyle O'Meara and David Belasco.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.584Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#719689",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/719689/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Explorer 710",
              "vendor": "Cobham plc",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.07"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
            }
          ],
          "datePublic": "2019-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-10T20:09:47.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#719689",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/719689/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to a port that can run AT commands",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
              "ID": "CVE-2019-9531",
              "STATE": "PUBLIC",
              "TITLE": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to a port that can run AT commands"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Explorer 710",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "1.07",
                                "version_value": "1.07"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cobham plc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#719689",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/719689/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9531",
        "datePublished": "2019-10-10T20:09:47.705Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:02:16.560Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9530 (GCVE-0-2019-9530)

    Vulnerability from nvd – Published: 2019-10-10 20:09 – Updated: 2024-09-16 17:14
    VLAI
    Title
    The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files
    Summary
    The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/719689/ third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Date Public
    2019-10-09 00:00
    Credits
    This issue was found by Kyle O'Meara and David Belasco.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.562Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#719689",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/719689/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Explorer 710",
              "vendor": "Cobham plc",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.07"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
            }
          ],
          "datePublic": "2019-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-10T20:09:47.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#719689",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/719689/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
              "ID": "CVE-2019-9530",
              "STATE": "PUBLIC",
              "TITLE": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Explorer 710",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "1.07",
                                "version_value": "1.07"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cobham plc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#719689",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/719689/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9530",
        "datePublished": "2019-10-10T20:09:47.669Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:14:11.909Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9529 (GCVE-0-2019-9529)

    Vulnerability from nvd – Published: 2019-10-10 20:09 – Updated: 2024-09-16 20:07
    VLAI
    Title
    The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default
    Summary
    The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/719689/ third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Date Public
    2019-10-09 00:00
    Credits
    This issue was found by Kyle O'Meara and David Belasco.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.511Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#719689",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/719689/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Explorer 710",
              "vendor": "Cobham plc",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.07"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
            }
          ],
          "datePublic": "2019-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-10T20:09:47.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#719689",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/719689/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
              "ID": "CVE-2019-9529",
              "STATE": "PUBLIC",
              "TITLE": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Explorer 710",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "1.07",
                                "version_value": "1.07"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cobham plc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#719689",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/719689/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9529",
        "datePublished": "2019-10-10T20:09:47.632Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:07:10.559Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9534 (GCVE-0-2019-9534)

    Vulnerability from cvelistv5 – Published: 2019-10-10 20:09 – Updated: 2024-09-17 00:15
    VLAI
    Title
    The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image
    Summary
    The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service.
    Severity
    No CVSS data available.
    CWE
    • CWE-494 - Download of Code Without Integrity Check
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/719689/ third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Date Public
    2019-10-09 00:00
    Credits
    This issue was found by Kyle O'Meara and David Belasco.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#719689",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/719689/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Explorer 710",
              "vendor": "Cobham plc",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.07"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
            }
          ],
          "datePublic": "2019-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-494",
                  "description": "CWE-494 Download of Code Without Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-10T20:09:47.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#719689",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/719689/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
              "ID": "CVE-2019-9534",
              "STATE": "PUBLIC",
              "TITLE": "The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Explorer 710",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "1.07",
                                "version_value": "1.07"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cobham plc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-494 Download of Code Without Integrity Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#719689",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/719689/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9534",
        "datePublished": "2019-10-10T20:09:47.814Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:15:54.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9533 (GCVE-0-2019-9533)

    Vulnerability from cvelistv5 – Published: 2019-10-10 20:09 – Updated: 2024-09-16 16:28
    VLAI
    Title
    The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08
    Summary
    The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.
    Severity
    No CVSS data available.
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/719689/ third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Vendor Product Version
    Cobham plc Explorer 710 Affected: 1.08 , ≤ 1.08 (custom)
    Create a notification for this product.
    Date Public
    2019-10-09 00:00
    Credits
    This issue was found by Kyle O'Meara and David Belasco.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.145Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#719689",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/719689/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Explorer 710",
              "vendor": "Cobham plc",
              "versions": [
                {
                  "lessThanOrEqual": "1.08",
                  "status": "affected",
                  "version": "1.08",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
            }
          ],
          "datePublic": "2019-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522: Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-10T20:09:47.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#719689",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/719689/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
              "ID": "CVE-2019-9533",
              "STATE": "PUBLIC",
              "TITLE": "The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Explorer 710",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.08",
                                "version_value": "1.08"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cobham plc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-522: Insufficiently Protected Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#719689",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/719689/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9533",
        "datePublished": "2019-10-10T20:09:47.781Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:28:25.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9532 (GCVE-0-2019-9532)

    Vulnerability from cvelistv5 – Published: 2019-10-10 20:09 – Updated: 2024-09-16 19:30
    VLAI
    Title
    The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext
    Summary
    The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal.
    Severity
    No CVSS data available.
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/719689/ third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Date Public
    2019-10-09 00:00
    Credits
    This issue was found by Kyle O'Meara and David Belasco.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#719689",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/719689/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Explorer 710",
              "vendor": "Cobham plc",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.07"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
            }
          ],
          "datePublic": "2019-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319: Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-10T20:09:47.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#719689",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/719689/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
              "ID": "CVE-2019-9532",
              "STATE": "PUBLIC",
              "TITLE": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Explorer 710",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "1.07",
                                "version_value": "1.07"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cobham plc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-319: Cleartext Transmission of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#719689",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/719689/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9532",
        "datePublished": "2019-10-10T20:09:47.739Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:30:16.862Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9531 (GCVE-0-2019-9531)

    Vulnerability from cvelistv5 – Published: 2019-10-10 20:09 – Updated: 2024-09-16 20:02
    VLAI
    Title
    The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to a port that can run AT commands
    Summary
    The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/719689/ third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Date Public
    2019-10-09 00:00
    Credits
    This issue was found by Kyle O'Meara and David Belasco.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.584Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#719689",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/719689/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Explorer 710",
              "vendor": "Cobham plc",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.07"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
            }
          ],
          "datePublic": "2019-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-10T20:09:47.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#719689",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/719689/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to a port that can run AT commands",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
              "ID": "CVE-2019-9531",
              "STATE": "PUBLIC",
              "TITLE": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to a port that can run AT commands"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Explorer 710",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "1.07",
                                "version_value": "1.07"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cobham plc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#719689",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/719689/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9531",
        "datePublished": "2019-10-10T20:09:47.705Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:02:16.560Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9530 (GCVE-0-2019-9530)

    Vulnerability from cvelistv5 – Published: 2019-10-10 20:09 – Updated: 2024-09-16 17:14
    VLAI
    Title
    The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files
    Summary
    The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/719689/ third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Date Public
    2019-10-09 00:00
    Credits
    This issue was found by Kyle O'Meara and David Belasco.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.562Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#719689",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/719689/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Explorer 710",
              "vendor": "Cobham plc",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.07"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
            }
          ],
          "datePublic": "2019-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-10T20:09:47.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#719689",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/719689/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
              "ID": "CVE-2019-9530",
              "STATE": "PUBLIC",
              "TITLE": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Explorer 710",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "1.07",
                                "version_value": "1.07"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cobham plc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#719689",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/719689/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9530",
        "datePublished": "2019-10-10T20:09:47.669Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:14:11.909Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9529 (GCVE-0-2019-9529)

    Vulnerability from cvelistv5 – Published: 2019-10-10 20:09 – Updated: 2024-09-16 20:07
    VLAI
    Title
    The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default
    Summary
    The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/719689/ third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Date Public
    2019-10-09 00:00
    Credits
    This issue was found by Kyle O'Meara and David Belasco.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.511Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#719689",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/719689/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Explorer 710",
              "vendor": "Cobham plc",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.07"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
            }
          ],
          "datePublic": "2019-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-10T20:09:47.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#719689",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/719689/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
              "ID": "CVE-2019-9529",
              "STATE": "PUBLIC",
              "TITLE": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Explorer 710",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "1.07",
                                "version_value": "1.07"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cobham plc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#719689",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/719689/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9529",
        "datePublished": "2019-10-10T20:09:47.632Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:07:10.559Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }