Vulnerability Note VU#460687
Cobham Sailor satellite terminals contain hardcoded credentials
Cobham Sailor 900 and 6000 series satellite terminals contain hardcoded credentials.
CWE-798: Use of Hard-coded Credentials
IOActive reports that Cobham Sailor 900 and 6000 series satellite communication terminals running firmware version: 1.08 MFHF / 2.11 VHF contain hardcoded administrator credentials.
A remote unauthenticated attacker may be able to gain full control over the device.
The CERT/CC is currently unaware of a practical solution to this problem.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Cobham plc||Affected||14 Jan 2014||05 Aug 2014|
CVSS Metrics (Learn More)
Thanks to Ruben Santamarta for reporting this vulnerability.
This document was written by Chris King.
- CVE IDs: CVE-2014-2940
- Date Public: 07 Aug 2014
- Date First Published: 07 Aug 2014
- Date Last Updated: 13 Aug 2014
- Document Revision: 9
If you have feedback, comments, or additional information about this vulnerability, please send us email.