MidnightBSD

Advisories for inmarsat

CVE-2013-6034 HIGH

The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals has hardcoded credentials, which makes it easier for attackers to obtain unspecified login access via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
inmarsat inmarsat -
gatehouse gatehouse -
thuraya_telecommunications ip -
harris bgan rf-7800b-vu204
japan_radio jue-250 -
japan_radio jue-500 -
harris bgan rf-7800b-du204
hughes_network_systems 9502 -
hughes_network_systems 9201 -
hughes_network_systems 9450 -
CVE-2013-6035 HIGH

The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals does not require authentication for sessions on TCP port 1827, which allows remote attackers to execute arbitrary code via unspecified protocol operations.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
inmarsat inmarsat -
gatehouse gatehouse -
thuraya_telecommunications ip -
harris bgan rf-7800b-vu204
japan_radio jue-250 -
japan_radio jue-500 -
harris bgan rf-7800b-du204
hughes_network_systems 9502 -
hughes_network_systems 9201 -
hughes_network_systems 9450 -
CVE-2017-3221 MEDIUM

Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
inmarsat amosconnect_8 8.0
inmarsat amosconnect_8 8.3.1
inmarsat amosconnect_8 8.0.1
inmarsat amosconnect_8 8.2.1
inmarsat amosconnect_8 8.3.0
inmarsat amosconnect_8 8.4.0.1
inmarsat amosconnect_8 8.4.0
inmarsat amosconnect_8 8.0.2
inmarsat amosconnect_8 8.2.2
inmarsat amosconnect_8 8.2.0
CVE-2017-3222 HIGH

Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
inmarsat amosconnect 8.2.1
inmarsat amosconnect 8.3.1
inmarsat amosconnect 8.4.0.1
inmarsat amosconnect 8.0
inmarsat amosconnect 8.2.2
inmarsat amosconnect 8.2.0
inmarsat amosconnect 8.3.0
inmarsat amosconnect 8.0.1
inmarsat amosconnect 8.0.2
inmarsat amosconnect 8.4.0