- Description
- Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line.
- Source
- cret@cert.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.9
- Impact score
- 10
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:C/I:C/A:C
- Hype score
- Not currently trending
- Comment
- <a href="http://cwe.mitre.org/data/definitions/798.html">CWE-798: Use of Hard-coded Credentials</a>
- Impact
- -
- Solution
- -
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cobham:aviator_700d:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD3FE641-E175-4CC4-90BF-955B1C0217F3"
},
{
"criteria": "cpe:2.3:h:cobham:aviator_700e:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4DF6EB81-6E66-4462-98AE-44DD641BCC90"
}
],
"operator": "OR"
}
]
}
]