Vulnerability Note VU#917348
Datum Systems satellite modem devices contain multiple vulnerabilities
Datum Systems PSM-4500 and PSM-500 series satellite modem devices contain multiple vulnerabilities
CWE-220: Sensitive Data Under FTP Root - CVE-2014-2950
The Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has FTP enabled by default with no credentials required, which allows open access to sensitive areas of the file system.
A remote unauthenticated attacker may be able to gain full control of the device.
The CERT/CC is currently unaware of a practical solution to this problem.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Datum Systems||Unknown||16 May 2014||09 Jul 2014|
CVSS Metrics (Learn More)
Thanks to Narendra Shinde and Ashish Kamble from Qualys Inc. for reporting this vulnerability.
This document was written by Chris King.
- CVE IDs: CVE-2014-2950 CVE-2014-2951
- Date Public: 11 Jul 2014
- Date First Published: 11 Jul 2014
- Date Last Updated: 14 Aug 2014
- Document Revision: 14
If you have feedback, comments, or additional information about this vulnerability, please send us email.