Cobham Sailor 900 and 6000 series satellite terminals contain hardcoded credentials.
CWE-798: Use of Hard-coded Credentials
IOActive reports that Cobham Sailor 900 and 6000 series satellite communication terminals running firmware version: 1.08 MFHF / 2.11 VHF contain hardcoded administrator credentials.
A remote unauthenticated attacker may be able to gain full control over the device.
The CERT/CC is currently unaware of a practical solution to this problem.
Thanks to Ruben Santamarta for reporting this vulnerability.
|Date First Published:||2014-08-07|
|Date Last Updated:||2014-08-14 03:05 UTC|