The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals has hardcoded credentials, which makes it easier for attackers to obtain unspecified login access via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| inmarsat | inmarsat | - |
| gatehouse | gatehouse | - |
| thuraya_telecommunications | ip | - |
| harris | bgan | rf-7800b-vu204 |
| japan_radio | jue-250 | - |
| japan_radio | jue-500 | - |
| harris | bgan | rf-7800b-du204 |
| hughes_network_systems | 9502 | - |
| hughes_network_systems | 9201 | - |
| hughes_network_systems | 9450 | - |
The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals does not require authentication for sessions on TCP port 1827, which allows remote attackers to execute arbitrary code via unspecified protocol operations.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| inmarsat | inmarsat | - |
| gatehouse | gatehouse | - |
| thuraya_telecommunications | ip | - |
| harris | bgan | rf-7800b-vu204 |
| japan_radio | jue-250 | - |
| japan_radio | jue-500 | - |
| harris | bgan | rf-7800b-du204 |
| hughes_network_systems | 9502 | - |
| hughes_network_systems | 9201 | - |
| hughes_network_systems | 9450 | - |
Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| inmarsat | amosconnect_8 | 8.0 |
| inmarsat | amosconnect_8 | 8.3.1 |
| inmarsat | amosconnect_8 | 8.0.1 |
| inmarsat | amosconnect_8 | 8.2.1 |
| inmarsat | amosconnect_8 | 8.3.0 |
| inmarsat | amosconnect_8 | 8.4.0.1 |
| inmarsat | amosconnect_8 | 8.4.0 |
| inmarsat | amosconnect_8 | 8.0.2 |
| inmarsat | amosconnect_8 | 8.2.2 |
| inmarsat | amosconnect_8 | 8.2.0 |
Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-798,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| inmarsat | amosconnect | 8.2.1 |
| inmarsat | amosconnect | 8.3.1 |
| inmarsat | amosconnect | 8.4.0.1 |
| inmarsat | amosconnect | 8.0 |
| inmarsat | amosconnect | 8.2.2 |
| inmarsat | amosconnect | 8.2.0 |
| inmarsat | amosconnect | 8.3.0 |
| inmarsat | amosconnect | 8.0.1 |
| inmarsat | amosconnect | 8.0.2 |
| inmarsat | amosconnect | 8.4.0 |