Vulnerability Note VU#250358
Various Inmarsat broadband satellite terminals contain multiple vulnerabilities
A number of broadband satellite terminals which utilize the Inmarsat satellite telecommunications network have been found to contain undocumented hardcoded login credentials (CWE-798). Additionally, these broadband satellite terminals utilize an insecure proprietary communications protocol that allows unauthenticated users to perform privileged operations on the devices (CWE-306).
CWE-798: Use of Hard-coded Credentials - CVE-2013-6034
According to IOActive security researcher Ruben Santamarta, numerous broadband satellite terminals which connect to the Inmarsat satellite telecommunications network contain hardcoded login credentials.
Hughes Network Systems:
Thuraya Telecommunications Company:
Japan Radio Corp., Ltd.:
At this time, CERT/CC believes the affected firmware was jointly developed by GateHouse and Hughes Network Systems. A GateHouse representative confirmed that GateHouse was involved in the development of the firmware, but claims that GateHouse is not the author of the vulnerable portions of the firmware code. A representative of Hughes Network Systems acknowledged receipt of the vulnerability report but has declined to respond to further inquiries.
The CVSS score reflects CVE-2013-6035.
A remote unauthenticated attacker may be able to gain privileged access to the device. Additionally, a remote unauthenticated attacker may be able to execute arbitrary code on the device.
We are currently unaware of a practical solution to this problem.
Vendor Information

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| GateHouse | Unknown | 11 Dec 2013 | 11 Dec 2013 |
| Harris Corporation | Unknown | 25 Nov 2013 | 25 Nov 2013 |
| Hughes Network Systems, Inc. | Unknown | 10 Oct 2013 | 10 Oct 2013 |
| Inmarsat | Unknown | 10 Oct 2013 | 25 Nov 2013 |
| Japan Radio Co Ltd | Unknown | 10 Oct 2013 | 25 Nov 2013 |
| Thuraya | Unknown | 10 Oct 2013 | 25 Nov 2013 |
CVSS Metrics
Thanks to IOActive researcher Ruben Santamarta for reporting this vulnerability.
This document was written by Todd Lewellen.
- CVE IDs: CVE-2013-6034 CVE-2013-6035
- Date Public: 31 Jan 2014
- Date First Published: 31 Jan 2014
- Date Last Updated: 14 Feb 2014
- Document Revision: 30