Datum Systems PSM-4500 and PSM-500 series satellite modem devices contain multiple vulnerabilities
CWE-220: Sensitive Data Under FTP Root - CVE-2014-2950
The Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has FTP enabled by default with no credentials required, which allows open access to sensitive areas of the file system.
A remote unauthenticated attacker may be able to gain full control of the device.
The CERT/CC is currently unaware of a practical solution to this problem.
Thanks to Narendra Shinde and Ashish Kamble from Qualys Inc. for reporting this vulnerability.
This document was written by Chris King.