CVE-2018-5266

Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product’s documentation: Dealer with password seatel3, SysAdmin with password seatel2, and User with password seatel1.

Source: CVE-2018-5266

CVE-2018-5071

Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device’s TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross Protocol Injection with SNMP.

Source: CVE-2018-5071

CVE-2014-10069

Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers’ installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field.

Source: CVE-2014-10069