Vulnerability Note VU#614751
Hughes satellite modems contain multiple vulnerabilities
Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to several issues if not appropriately configured.
Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to the following issues if not appropriately configured:
CWE-20: Improper Input Validation - CVE-2016-9494
Other models may also be affected.
An unauthenticated remote attacker may be able to cause a denial of service via one of several methods, or can access some administrative commands via telnet.
Hughes has provided the following statement:
Restrict network access
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Hughes Network Systems, Inc.||Affected||16 Mar 2016||15 Feb 2017|
|Kontron S&T AG||Affected||-||27 Feb 2018|
CVSS Metrics (Learn More)
Thanks to the reporter who wishes to remain anonymous.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2016-9494 CVE-2016-9495 CVE-2016-9496 CVE-2016-9497
- Date Public: 15 Feb 2017
- Date First Published: 15 Feb 2017
- Date Last Updated: 27 Feb 2018
- Document Revision: 60
If you have feedback, comments, or additional information about this vulnerability, please send us email.