Vulnerability Note VU#250358
Hughes Network Systems Broadband Global Area Network (BGAN) satellite terminal firmware contains multiple vulnerabilities
Firmware developed by Hughes Network Systems used in a number of BGAN satellite terminals contains undocumented hardcoded login credentials (CWE-798). Additionally, the firmware contains an insecure proprietary communications protocol, likely a debugging service, that allows unauthenticated local network users to perform privileged operations on the device (CWE-306).
CWE-798: Use of Hard-coded Credentials - CVE-2013-6034
Firmware developed by Hughes Network Systems and used in numerous broadband satellite terminals contain hardcoded login credentials. Most of these devices are utilized for broadband connectivity through the Inmarsat satellite telecommunications network.
Hughes Network Systems:
Thuraya Telecommunications Company:
Japan Radio Corp., Ltd.:
CERT/CC has confirmed that the affected firmware is developed by Hughes Network Systems. GateHouse produces a BGAN network stack that is licensed to Hughes Network Systems, but the GateHouse software does not provide either of the vulnerable features. Please see the "Vendor Information" below for more details.
The CVSS score reflects CVE-2013-6035.
Depending on implementation, an unauthenticated attacker may be able to gain privileged access to the device. Additionally, an unauthenticated attacker on the local network may be able to execute arbitrary code on the device.
We are currently unaware of a practical solution to this problem.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Harris Corporation||Affected||25 Nov 2013||24 Jun 2014|
|Hughes Network Systems, Inc.||Affected||10 Oct 2013||24 Jun 2014|
|GateHouse||Not Affected||11 Dec 2013||06 Jun 2014|
|Inmarsat||Not Affected||10 Oct 2013||12 Jun 2014|
|CVE Request||Unknown||12 Jun 2014||12 Jun 2014|
|Japan Radio Co Ltd||Unknown||10 Oct 2013||25 Nov 2013|
|Thuraya||Unknown||10 Oct 2013||25 Nov 2013|
CVSS Metrics (Learn More)
Thanks to IOActive researcher Ruben Santamarta for reporting this vulnerability.
This document was written by Todd Lewellen and Chris King.
- CVE IDs: CVE-2013-6034 CVE-2013-6035
- Date Public: 31 Jan 2014
- Date First Published: 31 Jan 2014
- Date Last Updated: 24 Jun 2014
- Document Revision: 65
If you have feedback, comments, or additional information about this vulnerability, please send us email.