Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default "admin" account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector (/index.lua?pageID=Administration usernameAdmChange, passwordAdmChange1, and passwordAdmChange2 fields).
References
Link | Resource |
---|---|
https://cyberskr.com/blog/cobham-satcom-250-500.html | Exploit Third Party Advisory |
https://gist.github.com/CyberSKR/2dfd5dccb20a209ec4d35b2678bac0d4 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-03-15T16:00:00
Updated: 2019-03-15T15:57:01
Reserved: 2018-11-20T00:00:00
Link: CVE-2018-19392
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-03-15T16:29:00.327
Modified: 2020-08-24T17:37:01.140
Link: CVE-2018-19392
JSON object: View
Redhat Information
No data.
CWE