CVE-2018-19392

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default "admin" account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector (/index.lua?pageID=Administration usernameAdmChange, passwordAdmChange1, and passwordAdmChange2 fields).
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cobham:satcom_sailor_250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cobham:satcom_sailor_250:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:cobham:satcom_sailor_500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cobham:satcom_sailor_500:-:*:*:*:*:*:*:*

Information

Published : 2019-03-15 09:29

Updated : 2020-08-24 10:37


NVD link : CVE-2018-19392

Mitre link : CVE-2018-19392


JSON object : View

CWE
CWE-287

Improper Authentication

Advertisement

dedicated server usa

Products Affected

cobham

  • satcom_sailor_250
  • satcom_sailor_250_firmware
  • satcom_sailor_500
  • satcom_sailor_500_firmware