Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to several issues if not appropriately configured.
Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to the following issues if not appropriately configured:
CWE-20: Improper Input Validation - CVE-2016-9494
Other models may also be affected.
An unauthenticated remote attacker may be able to cause a denial of service via one of several methods, or can access some administrative commands via telnet.
Hughes has provided the following statement:
Restrict network access
Hughes Network Systems, Inc.
Kontron S&T AG
Thanks to the reporter who wishes to remain anonymous.
This document was written by Garret Wassermann.